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UNCLASSIFIED 


FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 

To : Cyber 


Date: 1/17/2012 

Attn: SSA| 

CCU- 2 

Attn: Victim-Witness Coordinator 


From: San Antonio 

Cyber C-4 
Contact: SA 


Approved By: 
Drafted By: 


lb-" 


be 

blC 


T 


Case ID #: 288A-SA-T&3W' (Pending) 

188B-SA-58304 -K (Pending) 

r ( 

Title: | 


3 ^ 


] ANTI SEC; 


TEXAS COMMISSION ON JAIL STANDARDS ( TCJS . STATE . TX . US ) 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 
Synopsis: To open case and GJ subfile. 

Details: On 11/08/2011, a CHS provided writer with a C D 

containinql — I 



b6 

b7C 

b7D 

b7E 


1 

ACS and 


searches on the term 



is an FD-302 of an 2006 interview of 
residence ini I in which he [ 


b6 

b7C 


The information provided the following: 


Name : 


OPEN & ASSIGI^CSSE / ^ 

UNCL AS S I F I Eflj} a ss/Alpha: > 

Case Agent: jpJ I \] j | jy 


SRC Codes 
CPI Codes 

Assess p i (Pull 

IDENTITY TH 
DATE: i-H - 1 







UNCLASSIFIED 


To: Cyber From: San Antonio 

Re: 288A-SA-NEW, 1/17/2012 


Telephone : 

Associate ftfemes ; none 
Addresses : 


Businesses : none 


b6 

b7C 


opened . 


It is requested that the case and Grand Jury subfile be 


UNCLASSIFIED 



UNCLASSIFIED 


t 

To: Cyber From: San -Antonio 

Re: 288A-SA-NEW, 1/17/2012 



LEAD ( s ) : 

Set Lead Is (Info) 

CYBER 

AT CCU2. DC 

For information only. 


Set Lead 2: (Info) 

SAN ANTONIO 

AT SAN ANTONIO. TEXAS 

To advise Victim-Witness Coordinator of case 
initiation. 

♦♦ ' 


UNCLASSIFIED 


3 




V 

1A Envelope 



Case ID: 288A-SA-63452 


OTHER SEALED ORDER 





I 


FD-340(Rev. 4-1 1-03) 

File Number 


Field Office Acquiring Evidence . 
Serial # of Originating Document. 


g Evidence 4 


Date Received 


From 


4 - ‘t-teU. 


OTHER SEALED ORDER 


(Name of Contributor/Interviewee) 


(Address) 


(City and State) 



To Be Returned □ Yes E^No 

Receipt Given □ Yes O^No 

Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) 
Federal Rules of Criminal Procedure 


□ Yes 

Federal Taxpayer Information (FTI) 

□ Yes 


S' No 


Reference: 


Descrir 


(Communication Enclosing Material) 


OTHER SEALED ORDER 


■Original notes re. interview 0 f 


DocLab Note 


ITEMS (S) 
CANNOT 
BE 

SCANNED 

DESCRIPTION 


CO 


■ ^ / 


' o ■ 

« 1 .. > 
f 

o 

FD-340 (Rev. 4-11-03) 


File Number w " G S ^£ 2 -' /f\ \^J 

i 

Field Office Acquiring; Evidence ! 


Serial # of Originating Docutrienf ! 

SI 

Date Received 1 0/ ( 0/ 2X) I Z. 

From 


(Name of Contributor/Interviewee) 


(Address) 


By 


5A 


(City and Stated 


To Be Returned d Yes 0^ No 

Receipt Given D Yes Cf No 

Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) 

Federal Rules of Criminal Procedure , 

□ Yes □ No 

Federal Taxpayer Information (FTI) / 

□ Yes □ No 


Title: 


b6 

b7C 


Reference:. 


O 

(Communication Enclosing Material) 


De scription; 


;• 0^ Origii 


Original notes re interview o f 




t 





FBI SAN ANTONIO 

CYBER SQUAD C-4 


FAX TRANSMITTAL SHEET 

Date: 2.~ < ?~f 2- 

Number of Pages: H' 

(Including Pax Sheet) " — 

To: 



Fax Number: 


From: 
Contact Number : 






Office: 

i 




b6 

b7C 


Fax: 


Reference: 



OTHER 



UNCLASSIFIED 


T 


FD-542 (Rev. 03-23-2009) 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 02/09/2012 

To : San Antonio 


From: San Antonio 



Title: | 

ANTI SEC; 

TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX. US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 

Synopsis: To claim statistical 

accomplishment . 

Details: On 09 / fj<5 /2m 2 . SA 

served a [ 

J Ivia facsimile. 

The letter requested the 


UNCLASSIFIED 

i 


b6 

b7c g&AzA 


b6 

b7C 


b6 

b7C 

b7E 



UNCLASSIFIED 



To: San Antonio From: San Antonio 

Re: 288A-SA-63452, 02/09/2012 


Accomplishment Information: 

Number : 1 

Type: CIP 2703(f) ORDER SERVED 

ITU: CIP 

Claimed By-: 

SSN : " 

Name 

Squad! C-4 


b6 

b7C 


♦♦ 


UNCLASSIFIED 


2 







INFORMATION NEEDED FROM AGENT FOR COMPLETION OF CRIMIRSL OPENING FORMS: 
(Complete one form for each defendant) 


NAME & AKA'S OF SUBJECT: 


Antisec 


ADDRESS : 


SEX: 
SSN : [ 


M DOB: 

i 

i 

i 



ID#: 

ARREST DATE: n/a 


COUNTRY OF CITIZENSHIP: USA 

IMMIGRANT STATUS : NON-RESIDENT / UNDOCUMENTED / LEGAL PERMANENT RESIDENT / VALID VISA 

IS THIS A SINGLE AGENCY, SHARED AGENCY OR TASK FORCE CASE? LIST ALL: 

AGENT/ AGENCY : FBI AGENCY CASE # : 288A-SA-63452 

Any other agency involved: 

AGENT/AGENCY : AGENCY CASE # : 

ANTICIPATED CHARGES: Title 18 USC 1030. Title 18 USC 2261 A(2)(A) 

(LIST LEAD CHARGE FIRST) 


ESTIMATED DOLLAR LOSS : none 


IN WHAT COUNTY OR COUNTIES DID THE CRIME OCCUR? 


County 


DOES SUBJECT HAVE COUNSEL? Unknown 

IF YES, CIRCLE ONE: FEDERAL DEFENDER / APPOINTED / RETAINED / PRO SE 

And LIST COUNSEL'S NAME AND ADDRESS : N/A 


IF THIS IS A BANK FRAUD CASE, IS THERE A PROGRAM AGENCY INVOLVED? 

(i.e.. Comptroller of the Currency, FDIC, etc.) IF SO, LIST AGENCY AND 
THEIR FILE NUMB E R-: n/a 


ARE THERE ANY VICTIMS IN THIS CASE? Yes IF SO, WHOM? Texas 
Commission on Jail Standards website at www.tcjs.tx.us 


IS THIS A SENSITIVE CASE? _Nq 

GIVE SHORT SYNOPSIS OF CASE: Subject of case is involved in computer hacking 
with the Anonymous group. Subject conducted unauthorized activity against 
www.tcis.tx.us as part of a computer intrusion attack against the site. 






(Rev. 05-01-2008) 


• • 

UNCLASSIFIED 

FEDERAL BUREAU OF INVESTIGATION 


Precedence: PRIORITY 

To : San Antonio 

From: San Antonio 

Cyber C-4 
Contact: SA 


Date: 02/27/2012 


Attn: SIA 


Approved By: 

Drafted By: 

Case ID #: 288A-SA-63452 
Title: 




(Pending) 




b6 

b7C 


ANTI SEC; 

TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX .US) 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 


Synopsis : 

Request SOS 


assistance on 

Details : 

Writer requests SOS 



assistance due 

to the overwhelming amount of time- sensitive data being prp vided 
by a CHS. This data often contains 


1 


] 


7 


Due to the amount, and frequency, of the data, it is not 
possible to provide timely updates to the affected FBI field 
offices and law enforcement agencies while also addressing 
current CIP National Security and CIP Criminal case load. 


It is anticipated that SOS 


assistance will 

consist of reading email, watching videos, and c onducting onlin e 
research regarding CIP Criminal hacktivism. SOS I I 

assistance is requested to assist C-4 Cyber in mitigating 
hacktivism threats which are presently ongoing in FBI San 
Antonio's AOR and in other FBI Field Office AORs. CHS reporting 
is arriving daily, but becomes stale if not utilized immediately 
to assist in preventing or responding to CIP Criminal Hacktivism 
threats. The duration of the captioned case is unknown and will 
be commensurate with the operational life of the CHS. 


Without SOSl 


assistance, there is a 


substantial risk of losing valuable information being provided by 


b7D 


b6 

b7C 


UNCLASSIFIED 



UNCLASSIFIED 


To: San Antonio From: San Antonio 

Re: 288A-SA-63452, 02/27/2012 


the CHS into CIP Criminal Hacktivism threats and the ability to 
mitigate these threats in a timely manner through prevention of 
attacks or mitigation of known or attempted intrusions. 


UNCLASSIFIED 


2 


UNCLASSIFIED 


To: San Antonio From: San Antonio 

Re: 288A-SA-63452 , 02/27/2012 


LEAD ( s ) : 


Set Lead Is (Action) 

SAN ANTONIO 


matter. 

♦♦ 


AT SAN ANTONIO. TEXAS 


Please assign SOS 


to captioned 


b6 

b7C 


UNCLASSIFIED 


3 



UNCLASSIFIED 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE 

To : San Antonio 

From: San Antonio 

Cyber/C- 4 
Contact: SA 


Date: 02/20/2012 


Approved By: 
Drafted By: 


z 


Case ID #: 288A-SA-63452 (Pending) ^ 

Title: 


i 


b6 

b7C 


ANTI SEC; 


TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX. US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 

Synopsis: To claim statistical accomplishment. 

Details: To date, during the course of this investigation, 

writer has accomplished numerous achievements. 

The owners of www. Icso . ora and www.pbso. ora were notified 
of trespasser activity against their sites. 


The sub j ect^ nfi the i nvest i oat i nn 
identified through 


1 


■lAias 


y 


be 

hie 

blD 


UNCLASSIFIED 



UNCLASSIFIED 


To: San Antonio From: San Antonio 

Re: 288A-SA-63452 , 02/09/2012 


Accomplishment Information: 


Number : 2 

Type: CIP VICTIM CONTACTED/ INTERVIEWED 

ITU: CIP 

Claimed By a 


SSN : 
Name : 
Squad :' 


~C T7 T 


Number : 1 

Type: CIP SUBJECT IDENTIFIED 

ITU: CIP 

Claimed By: 


SSN: 
Name : 
Squad :" 


C-4 


Number : 1 

Type: CIP INFORMANT /ASSET DEVELOPED 

ITU: CIP 

Claimed By,; 

SSN: 

Name : 

Squad 1 ! 


■c^r 


Number : 1 

Type: CIP CONSENSUAL MONITORING CONDUCTED 

ITU: CIP 

Claimed By: 


SSN: 
Name : 
Squad : 


U-4 


♦♦ 


UNCLASSIFIED 



UNCLASSIFIED/ /LAW ENFORCEMENT SENSITIVE 

FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 

To: San Francisco 


From: San Antonio 

Cyber /C -4 
Contact: SA 


Date: 04/11/2012 

Attn: San Jose RA 


SA 


Approved By: 
Drafted By: 


k2L 


b6 

b7C 


Case ID #: 288A-SA-63452 (Pending) 

Title : 


n 


ANTI SEC; 


TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX. US) - 
VICTIM 

. COMPUTER INTRUSIONS - CRIMINAL MATTERS 

Synopsis: Request location of subject of captioned case. 

En closure (s) : Enc losed for San Jose are two recent photographs 

of 


Details : 


1 a CHS provided writer with a CD 



b6 

b7C 

b7D 

b7E 


UNCLASSIFIED//LAW ENFORCEMENT SENSITIVE 


<3ffcfV5Afo34«5:M( 



UNCLASSIFIED 

San Francisco From: San Antonio 

288A-SA-63452, 04/11/2012 


Writer requests confirmation of the location of 


| the subject of this captioned case. 

to reside ini 


xs believed 


The subject's full name is 

I possible cellular telephone number 


ress : 


This residence is | 

primary residence. Other possible residents at 


that location may be 


appears to be currently 


Perti nent to this lead is the f 
subject of 


J. See case 288A-AT -99196 for further information 

Please be aware that I I mav be I 


UNCLASSIFIED/ /LAW ENFORCEMENT SENSITIVE 










( 


UNCLASSIFIED 


To: San Francisco From: San Antonio 

Re: 288A-SA-63452, 04/11/2012 


LEAD ( s ) : 


Set Lead Is (Action) 

SAN FRANCISCO 

AT SAN JOSE. CALIFORNIA 


Z 


Please determine the current residence of 
and d etermine whether he currently is 


Please include information on any electronic 


equipment that may be observed in subject's possession. 


♦♦ 
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b7C 


UNCLASSIFIED/ /LAW ENFORCEMENT SENSITIVE 


3 



BUREAU*^ 




FBI SAN ANTONIO 


CYBER SQUAD C-4 


FAX TRANSMITTAL SHEET 


Date: 

Number of Pages: 
(Including Fax Sheet) 


H-it-i z 
4 



Fax Number: 



From: 


Contact Number : Office: 



Reference: 


Fax: 




Precedence : ROUTINE 


Date: 04/20/2012 


To : Cyber 


Attn: 


SSA|_ 

CCU-2. 

ssa[_ 

CCU-1 


San Antonio Attn: CI- 

SSA 

CT-4 

From: San Antonio 

Cyber/C-4 

Contact: SA 



TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX . US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 







UNCLASSIFIED 


To: San Francisco From: San Antonio 

Re: 288A-SA-63452 , 04/11/2012 



LEAD ( s ) : 

Set Lead Is (Info) 

CYBER 

AT CCU-1. WASHINGTON. DC 

No hard copy to follow. For information only 
Set Lead 2: (Info) 

CYBER 

AT CCU- 2. WASHINGTON, DC 

No hard copy to follow. For information only 
Set Lead 3 : (Action) 

SAN ANTONIO 

AT SAN ANTONIO. TEXAS 

For evaluation by CI-1 for actionable value. 
Set Lead 4 : (Action) 

SAN ANTONIO 

AT SAN ANTONIO. TEXAS 

For evaluation by CT-4 for actionable value. 


♦♦ 


UNCL AS S I F I ED / / FOR OFFICIAL USE ONLY 


46 


(Rev, 05-01-2008) 


# t 

UNCLASS I PI ED/ /FOR OFFICIAL USE ONLY 

FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 


Dates 04/20/2012 


To: Sacramento 


Attn: CY-1 


From: San Antonio 



TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX . US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 


Svnnnfiis. Hi L /ETITTn 




* 


Enclosure (s) : Enclosed for Sacramento is a CD-ROM containing a 

copy of the database table in MS Excel format . 

Details: (U//FQUO^ Purina the recentl I 



OTHER Persuant to Sealed Court Order 

b6 

b7C 

b7D 










UNCLASSIFIED 


To: Sacramento From: San Antonio 

Re: 288A-SA-63452, 04/20/2012 

LEAD ( s ) : 

Set Lead Is (Action) 


SACRAMENTO 

AT SACRAMENTO 



♦♦ 


UNCLASSIFIED//FOR OFFICIAL USE ONLY 



UNCLASSIFIED 


5 a 


FD-542 (Rev. 03-23-2009) 




FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 05/01/2012 

To: San Antonio 


From: San Antonio 

Cyber/C-4 

Contact : SA 


Approved By: 


Drafted By: 
Case ID # : 


288A-SA-63452 (Pending) 


4 


b6 

b7C 


Title: I I ANTISEC; 

TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX. US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 


Synopsis: To claim statistical accomplishment. 



b6 

b7C 

b7D 


; 


b6 

b7C 

b7D 


UNCLASSIFIED 



f 


UNCLASSIFIED 


■-H 




To: San Antonio From: San Antonio 

Re: 288A-SA-63452, 02/09/2012 


Accomplishment Information: 

Number: 1 

Type: CIP SUBJECT IDENTIFIED 

ITU: CIP 

Claimed By:. 

SSN : 

Name : 

Squad:' C-4 
Number: 1 

Type: CIP SEARCH WARRANT OBTAINED AND EXECUTED 

ITU: CIP 

Claimed By:| 

SSN: 

Name: 

Squad: C-4 

Number: 1 

Type: CIP CONSENSUAL MONITORING CONDUCTED 

ITU: CIP 

Claimed Byi 

SSN: 

Name: | 

Squad: C-4 

Number: 1 

Type: CIP COMPROMISED SITE IDENTIFIED 

ITU: CIP 

Claimed By: 

SSN: 

Name : | 

Squad: C-4 


♦♦ 


UNCLASSIFIED 


b6 

b7C 


2 



(Rev. 05-01-2008) 


• • 

UNCLASSIFIED/ /FOR OFFICIAL USE ONLY 

FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 05/03/2012 


To: San Antonio Attn: SA | 

Cyber/C-4 


From: 


San Antonio 
Squad CI-1 
Contact: SA 


Approved By: 

Drafted By: 

Case ID #: 288A-SA-63452 (Pending) — 


Title: I 1 ANTISEC 

TEXAS COMMISSION ON JAIL STANDARDS 
(TCJS. STATE. TX. US) - VICTIM 
COMPUTER INTRUSIONS - CRIMINAL MATTERS 


b6 

b7C 


Synopsis: Coverage of lead. 

Full Investigation Initiated: 01/17/2012 


Details: San Antonio CI-1 received a lead regar ding case #288A- 

SA-63452 serial #14 lead #3. Special Agent (SA) | 

and Staff Operations Specialist (SOS) I conducted 

logical investigation of e-mail addresses. To date, FBI San 
Antonio CI-1 has exhausted all investigative resources and no 
priority threats to national security warranting further 
investigation were identified. In the event additional 
derogatory information is discovered, FBI San Antonio CI-1 will 
consider opening an investigation. FBI San Antonio CI-1 
considers this lead covered. 


b6 

b7C 


UNCLASSIFIED/ /FOR OFFICIAL USE ONLY 


l ; ? c e l) o 2 . 





UNCLASSIFIED/ /FOR OFFICIAL USETONLY 


To: San Antonio From: San Antonio 

Re: 288A-SA-63452, 05/03/2012 


LEAD ( s ) : 

Set Lead 1: (Info) 

SAN ANTONIO 

AT SAN ANTONIO. TX 

C-4 for information only. Read and clear. 


♦♦ 


UNCLASSIFIED/ /FOR OFFICIAL USE ONLY 


UNCLASSIFIED 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: PRIORITY Date: 05/25/2012 

To : San Antonio 


From: San Antonio 


Contact: SA 


Approved By: 




Drafted By: 


*4 


Case ID #: 288A-SA-63452 (Pending) 


b6 

b7C 


Title: I H 

aka | | ANTI SEC; 

TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX . US) - 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 


Synopsis: Case update and investigative plan. 


Details: Writer currently has no CHS coverage of the subject of 

the cap tioned ca se a nd no more open -source leads. A lead was 
to l I RA, 


sent 


date, 


£ 


Division, to attempt to 


physi cally loca te subject at his last known physical address. To 


RA has been unable to locate the subject. 


1 I RA has a CHS that may be able to gain access 

to the subject online and writer has requested that this be 
attempted. Writer has also requested I I RA to mnHmip t o 

attempt to locate the subject. Writer will work with f to 
provide any needed information or Grand Jury subpoenas. 


Upon locating the subject, whether online or 
physically, writer will use all means available to observe the 
online activity, especially the IP addresses used, by the 
subject. It is anticipated that this will enable writer to link 
past known attacks to the subject beyond a reasonable doubt. 


♦♦ 


UNCLASSIFIED 


$A - 



• • 

302 (Rev. 10-6-95) 


- 1 - 

FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 05/31/ 2012 

On May 31, 2012, an employment request was faxed to the 
State of I I Employment Development Department (EDD) , via b6 

, facsimile number I L The request asked for employment b7c 

0 information from 01/01/2010 through present for the following b7D 

individual : 


Name : 

DOB: 

SSAN: 


Attached and made a part of this document is a copy of 
the request faxed to EDD. 



Investigation on 05/31/2012 
# 288A-SA- 63452 


at 


File 


Date dictated not dictated 


by SA 



This document contains neither recommendations nor conclusions of the FBI. It is the property of the rB] 

1 - 3 ^ 

L and is loaned To your a 

]C t 

genqf 

f 

r> 


b7D 


b6 

b7C 


it and its contents are not to be distributed outside your agency. 




U.S. Department of Justice 
Federal Bureau of Investigation 



In Reply, Please Refer to 
FileNo. 2 8 8 A- SA- 63452 


May 31, 2012 


Attention: To Whom It May Concern 


Re : Employment for 


Dear State of 


Employment Development Department: 


Please provide employment information from 01/01/2010 
through present for the following individual : 


Name : 

DOB: 

SSAN: 


b6 

b7C 

b7D 


Sincerely yours, 

b6 

b7C 


Special Agent 



\s> 
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Precedence: ROUTINE Date: 06/08/2012 

To: San Antonio 


From: San Antonio 

Cyber/C -4 
Contact: SA 


Approved By: 


Drafted By: 
Case ID #: 


288A-SA-63452 (Pending) 



Title: 


I ANTI SEC; 

TEXAS COMMISSION ON JAIL STANDARDS (TCJS . STATE . TX. US) 
VICTIM 

COMPUTER INTRUSIONS - CRIMINAL MATTERS 


b6 

b7C 


Synopsis: To claim statistical accomplishment. 


Details: On 6/7/2012. an IIR, number 


was published based on CHs| 

reporting. The subject of 


the HR was (U//FOUO) Identification of I nternet Relay Ch at (IRC) 


Channels Used by Anonymous Members, as of 
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To: San Antonio From: San Antonio 

Re: 288A-SA- 63452 , 06/08/2012 


Accomplishment Information: 

Number : 1 

Type: CIP POSITIVE INTELLIGENCE PRODUCT GENERATED (E.G. HR) 

ITU: CIP 

Claimed By; 

SSN : 

Name : | 

Squad: C-4 
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Office/Divisio San Antonio 
n: 

Squad: C Four 


Date of 

Contact 02/22/2012 

List all 
present 
includin 

9 b6 

yoursell I b7c 

(Do not 
include 
the 
CHS.): 

Type of 
Contact e-Mail 

Sportf 03/02/2012 

Substantiv 
e Case File 

Number: 288A-SA-63452 

EUcheck if Grand Jury restrictions apply 

Source Reporting: CHS provided the following through email: 
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b7C 
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FEDERAL BUREAU OF INVESTIGATION 

CHS REPORTING DOCUMENT 




HEADER 

Source ID 




Date: 12/06/2011 


Case Agen 
Name 
Field 

Office/Divisio San Antonio 
n: 

Squad: C Four 



Date of 
Contact: 


11/08/2011 


List all 
present 
including 
yourself.[ 
(Do notl 
include 
the 
CHS.): 


Type of 
Contact: 


In Person 


Country UN1TED STATES 


City: Lackland AFB 


State 


Texas 


Report: 12/06/2011 


Substantiv 
e Case File 

Number: 288-SA'=G5j 


L533-SUB 




A 

GVlSl 


b6 

b7C 


b6 

b7C 


9<g6 #S*V-03 45SS-SB 




Dcheck if Grand Jury restrictions apply 

The report mentions a | |anc[" 

full report provided by the source: 

This is your guide to making sense of everything on this disc. 
[[DISCLAIMER]] 


is being potential actors in the LulzSec group. Below is the 


b6 

b7C 


All times in file names are Central. 
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FEDERAL BUREAU OF INVESTIGATION 

CHS REPORTING DOCUMENT 


HEADER 


Source IDj 

Date: 05/10/2012 
Case Agent Name: 

Field Office/Division: San Antonio 
Squad: c Four 


Date of Contact: 05/01/2012 
List all present 

including yourself 

(Do not include 
the CHS.): 

Type of Contact: e-Mail 


Date of Report 


Substantive Case File Number: 288A-SA-63452 


Source Reporting: 
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FEDERAL BUREAU OF INVESTIGATION 


Precedences ROUTINE 
To: San Diego 

From: San Diego 


Date: 12/01/2011 


Contact : SA 


Approved By: 


k— L 



Drafted By: 

Case ID #: 288A-SD-NEW 

Title: UNSUB (S); 

# ANTI SEC; 


(Pending) 






COMPUTER INTRUSION 

Synopsis: Request case "ke opened on captioned investigation. 

Details: On 11/18/2011, retired California Depar tment of Justice 

Special Agent Supervisor I I advised that he 

received text messages from his own Google telephone number 
indicating that he had been "owned" . 

On 11/18/2011, a YouTube video was posted with the 
title " #AntiSec Fuck FBI Friday V - Cybercrime Investigator 
HoTnmnrn rah Inna 11 from the YouTube user account 

I L The video was 6:03 long and stated the 

following information, which was also posted as text below the 
video : 


b6 

b7C 


b6 

b7C 


"Greetings Pirates, and welcome to another exciting #FuckFBIFriday release. 

As part of our ongoing effort to expose and h umiliate our white hat enemies, we targeted a Special Agent Supervisor 
of the CA Department of Justice in charge of l I We are leaking over 38,000 private 

emails which contain detailed computer forensics techniques, investigation protocols as well as highly embarrassing 
personal information. We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters 
(especially those who have been targeted by these scurvy dogs) while also making a mockery of "security 
professionals" who whore their "skills" to law enforcement to protect tyrannical corporativism and the status quo we 
aim to destroy. 


UNCLASSIFIED 






UNCLASSIFIED 



To: San Diego From: San Diego 

Re: 2 8 8 A- SD -NEW , 12/01/2011 


We hijacked two gmail accounts belonging to | | who has been a cop for i ly ears, dumping hi s private 

email correspondence as well as se veral dozen voice mails and SMS text message logs. While just yesterday f | 
was having a private BBQ with his l h igh computer crime task force friends, we were reviewing their 

detailed internal operation plans and proc edure d ocuments. We also couldn' t overlook the boatloads of embarrassing 
personal information about our cop friendl | We lulzed as we listened to I I 


~|we turned on his google web history and watched him[ 


111JLW1 J U11U »T U LV11VU 1.AAAAA ^ 

We also abused his google voice account, making surd Ifriends 


and family knew how hard he was owned. Possibly the most interesting content in his emails are th< 


] 


I i The information in these emails will prove essential to 

those who want to protect themselves from the techniques and procedures cyber crime investigators use to build 
cases. If you have ever been bust ed for computer crimes, you should check to see if your case is being discussed 
here. There are discussions about] I 


These cybercrime investigators are supposed to be the cream of the crop, but we reveal the totality of their ignorance 
of all matters related to computer security. For months, we have owned several dozen white hat and law enforcement 
targets- getting in and out of whichever high profile government and corporate system we please and despite all the 
active FBI investigations and several billion dollars of funding, they have not been able to stop us or get anywhere 
near us. Even worse, they bust a few dozen people who are allegedly part of an "anonymous computer hacking 
conspiracy" but who have only used kindergarten-level - this isn't even hacking, but a form of electronic 

civil disobedience. 

We often hear these "professionals" preach about "full-disclosure," but we are sure these people are angrily sending 
out DMCA takedown notices and serving subpoenas as we speak. They call us criminals, script kiddies, and 
terrorists, but their entire livelihood depends on us, trying desperately to study our techniques and failing miserably 
at preventing future attacks. See we're cut from an entirely different kind of cloth. Corporate security professionals 
like Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the public email discussion lists 
of Occupy Wall Street and profiling the "leaders" of Anonymous. Wannabe player haters drop shitty dox and leak 
partial chat logs about other hackers, doing free work for law enforcement. Then you got people like Peiter "Mudge" 
Zatko who back in the day used to be old school lOpht/cDc only now to sell out to DARPA going around to hacker 
conventions encouraging others to work for the feds. Let this be a warning to aspiring white hat "hacker" sellouts and 
police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing 
the 99%? We'll have to keep owning your boxes and torrenting your mail spools, plastering your personal 
information all over teh internets. 

Hackers, join us and rise up against our common oppressors - the white hats, the 1%’s ’private' police, the corrupt 
banks and corporations and make 2011 the year of leaks and revolutions! 

We are Anti-Security, 

We are the 99% 

We do not forgive. 

We do not forget. 

Expect Us!" 
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To: San Diego From: San Diego 

Re: 288A-SD-NEW, 12/01/2011 


A link was also prov ided on the Y ouTube page to the 


documents that were taken from 
infnrmal-inn wee Inrahprl et 


account , 


The 


Additionally, some of the information contained withi n 
account was posted at 


On 11/30/2011, California Department of Justice 
pr ovided the f_r t with a CD-ROM disc containing the files located 


b6 

b7C 

b7E 


at 


r 


These files are contained in a 1-A envelope to 


this file end are password protected with the following password: 
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FEDERAL BUREAU OF INVESTIGATION 


Precedence : ROUTINE 

To: San Diego 

From: San Diego 

CYl 

Contact : SA 


Date: 12/05/2011 


Approved By: 
Drafted By: 


b6 

b7C 


Case ID #: 288A-SD-73148 (Pending) 


Title: UNSUB(S); 

ANT I SEC ; 


/ 



VICTIM; 


COMPUTER INTRUSION 


Gmail files from 


Synopsis: Document collection of 

I I 

Details: On 12/01/2011, following a determination that the CD- 

ROM disc obtained fr om the California Department of Justice had 


c 


become corrupted, SA 


visited the website 


b6 

b7C 


and downloaded the torrent 
containing the contents of the Gmail files exfiltrated from 
I accounts . The contents included one zipped file 


The zipped file was placed on a CD-ROM disc and placed 
in the 1-A file. 
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FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 12 / 07 / 2011 


security account numberL 


1 d ate of birth [ 


1 social 


was interviewed at the San 
Diego Division of the Federal Bure au of Inves tigati on. Also 




attending the interview were ITCFE 


and IA 


After being advised of the i dentity of the interviewing Agent and 


the nature of the interview, 
information: 


volunteered the following 


referred to the written statement he had 


previously submitted and advised that the information provided 
within was accurate. A copy of the written statement is contained 
in a 1-A envelope in the file. 


On 11/18/2011, at approximately 7:00 am PST, 
began receiving text messages on his cellular telephone fr om the 
telephone number associated with his Google Voice account, 

I I The text messages were statements similar to "We have 

you" and ,"Wp qmj vpn" . Additional text messages were received that 


bo enter an IRC chat room t n di sci 


iss the matter 


directed _ 

wi th thft i ndi vi dua 1 s that had taken over | [accounts. 

advised that he did not reply to these messages and does 

not recall the exact context of the message s or the n ame of the IRC 
chat room that they were directing him to. I I stated that he 

has deleted the text messages and has no record of them. 

Shortly after receiving the text messages fro m the 
individuals claiming they had compromised his accounts, 


began receiving telephone calls from friends and family members who 
advised him that they were receiving suspicious messages from hirn 
on Faceb ook. The individuals also advised that there were 


and other out of character posts on his Facebook feed. 


had recovered and locked down all of his 


By noon| 

accounts. Text messages continued arriving on his cellular 
telephone that appeared to be from his Google Voice telephone 
number. Fearing that his Google account was still compromised, 
deleted the Google account. • 


received 


Following the recovery of his accounts, 

a text message that stated that it wasn't over and a text message 
that made a reference to the tough economic times and financial 


investigation on 12/06/2011 at San Diego, CA 

File# 288A-SD-73148 ±2= 

by SA 


Date dictated 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 
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288A-SD-73148 


Continuation of FD-302 of 


, On 12 /06/2011 , Page 


issues. | |checked his credit c ards and d iscovered that a 

fraudulent charge had been made on hi s i 1 card from Ritz 

camera. The item was set tcp_sh±o_to his old address. The 
card that was used ended in 


believed that the compromise could be related to 
his Android cellular telephone, which he had "rooted" . One of the 
consequences of rooting the telephone was that other programs that 
normally would not have access to the files "Shared Preferences" 
and "Accounts . db" c ould now access those files. The fil es contain 
information such as I I from the 

telephone. A few days prior to the in dividuals advising [ 


that he had been compromised^ 


Jhad downloaded and installed 

a program called "atorrent" from the Android store. This program 
allowed a n spr ho dow nload torrent files onto your cellular 
telephone. | stated that he used the program several times 

to test it, downloading music and a movie. 


1 also stated that his laptop could have been a 

i ______ * . . _ 1 i . _n _■ n j . n “I i_T 1 


potential source of the compromise, but did not believe that it 
could have been his desktop computer. 

The password used for his Gmail account. 

The only other system that 
\ All other 

~ I 


jaafifiw. a j :d a a s r- s [ 


b6 

b7C 


b6 

b7C 


b6 

b7C 


accounts, £ 


A1 though # Anti Sec claimed to compromise two Gmail 

p elieved t hat the second account compromised may 
have been his Yahoo! account,! I since he had to 

I I stated that he was 

unsure how they would have determined that he was the owner of the 
Yahoo ! account 


l 


] 


b6 
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he had created 
Addi t i ona 1 ly , 


forf 


was unaware if the Gmail account 
had been compromised. 


account or the password for it. 


] did not remember the exact name of that 


| advised that he has wiped the hard drives of 
both his laptop and desktop computers. He also stated that he has 
deleted his Google account that was compromised and reset his 
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Android cellular telephone | 

all of the text messages he had received. 


which removed 
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FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 01 / 05 / 2012 


On 12/31/2011, an individual posted information regarding- 
the compromise of the California State Law Enforcement Association 
(www.cslea.com) on www.pastebin.com. The information provided an 
explanation for the attack, e-mail communications from CSLEA 
personnel discussing the security of their website, as well as 
name, address, password, and credit card information for 
individuals related to CSLEA. Additionally, the me ssage stated 
that the compromise of CSLEA was "how Special Agent f 
at the California DOJ | |Unit got humiliated last month" . 


] 


The referenced information has been printed out and 
attached to this document. 


he 

hie 



investigation on 01/05/2012 at San Diego , CA 

File# 288A-SD-73148 ' 

/ ^ 

by SA 


Date dictated 
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This document contains neither recommendations nor conclusions of the FBI. 
it and its contents are not to be distributed outside your agency. 


It is the property of the FBI and is loaned to^ y our agency; 
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Hello comrades and thank^or joining us for the final phase of our cross count - Pastebin.com 

# w 

p A S T E B l N ! I ' TOOL SINCE 200? CREATE NEW PASTE 


PASTED I M Follow ©pastebin 


Oif.AI It l>fcV PASVfc I Ri NDiNCi PASI th 


TOOLS API ARfhlVF 


search... 


SIGN UP tOGIN MY SETT 


Untitled 

BY: AGUEST | DEC 31ST, 2011 | SYNTAX: NONE | SIZE: 71.51 KB | HITS: 2,862 1 EXPIRES: NEVER 
COPY TO CLIPBOARD | DOWNLOAD | RAW | EMBED | REPORT ABUSE 


And rechameiesS 



1. 

2 . 

3. 

4. 

5. 

6 . 

7. 

8 . 
9. 

10 . 

11 . 

12 . 

13. 

14. 

15. 

16. 

17. 

18. 

19. 

20 . 
21 . 
22 . 

23. 

24. 

25. 

26. 

27. 

28. 

29. 

30. 

31. 

32. 

33. 

34. 

35. 

36. 

37. 

38. 

39. 

40. 

41. 

42. 

43. 

44. 


Hello comrades and thanks for joining us for the final phase of our cross 
country hacker crime spree, our contribution to pr0j3kt m4yh3m. We're still 
preparing the torrents, mail spools, as well as our final txt zine release which 
will surely bring humiliation and embarrassment to many white hats and 
sysadmins. But this New Years Eve, we bringing yall some party favors to keep 
you raging all night. Did you remember a month ago when the mayors and piggies 
across the US conspired to attack protesters in public parks? We sure do, so we 
have been planning a retaliatory raid of our own. Bring it, NDAA. Bring it, 

SOPA. We are snipers with one hell of a scope! Takin out a cop or two, they 
can't cope with us! 


we st coast - east coast 

/******************************************************************************* 
CALIFORNIA LAW ENFORCEMENT ASSOCIATION - DEFACED AND DESTROYED BY ANTISEC 
****** **************************************** ****************** ***************/ 

Soundtrack to the Rev Track: The Coup - Five Million Ways to Kill a CEO 

http: //www. youtube ,com/watch?v=lJotps9V4 as 

I'm from the land where the Panthers grew 
You know the city and the avenue 
If you the boss we be smabbin through 
And we'll be grabbin* you 
To say "What's up with the revenue?" 

Most everybody already knows that we don't like police very much. Shit, just 
about everybody hates them, everybody except for the rich and powerful who 
depend on their protection. But which state got the most blood on their hands? 
Well we already owned pigs in Texas and Arizona, and many many others; guess its 
time to ride on the California police. 

From the murder of Oscar Grant, the repression of the occupation movement, the 
assassination of George Jackson in San Quinten prison, the prosecution of our 
anonymous comrades in San Jose, and the dehumanizing conditions in California 
jails and prisons today, California police have a notorious history of brutality 
and therefore have been on our hit list for a good minute now. 

So we went ahead and owned the California State Law Enforcement Association 
(CSLEA.COM), defacing their website and giving out live backdoors. We dumped a 
few of their mail spools and forum databases, and we did get a few laughs out of 
reading ye ars of their private email correspondence (such as CSLEA's Legisl ative 
and Police | 

. But what we were really after was their membership rosters, which 
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Untitled 
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45. 

46. 

47. 

48. 

49. 

50. 

51. 

52. 

53. 

54. 

55. 


Hello comrades and thanks for joining us for the final phase of our cross count - Pastebin.com 


included the cleartext passworcWJ 2500 of their members, guaranteeing the 
ownage of many more California pigs to come. 


"But wait! Cops are people too! Part of the 99%1" orly? When these soulless 
traitors voluntarily chose to cross the picket line and side with the bosses and 
bureaucrats, they burned all bridges with working class. As the bootboys for 
capitalism they do not protect us, instead choosing to serve the interests and 
assets of the rich ruling class, the 1%. Many Occupiers are learning what many 
of us already know about the role of police in society when they violently 
attacked protesters occupying public parks. Now it’s time to turn the table and 
start firing shots off in the right direction. Problem, officer? 


56. 


57 . Interestingly, CSLEA members have discussed some of our previous hacks against 

58. police targets, raising concern for the security of their own systems. However 
deliberately made some rather amusing lies as to their security. He 

60. repeatedly denied having been hacked up until web hosts at | | showed him 

61. some of the backdoors and other evidence of having dumped their databases. We 

62. were reading their entire email exchange including when they realized that 

63. credit card and password information was stored in cleartext. This is about the 

64. time l ~~ I changed his email password, but not before receiving a copy of the 


66 . 


65. ’shopper' table which contained all the CCs. Too late 



67. In all fairness, they did make an effort to secure their systems after discovery 
68 

69 

70 

71 

72 

73 

74 

75 

76 

77 
78, 

79 
80, 

81 
82 
83, 


of the breach 



But we still had 


and were stealthily checking out the 


many other websites on the server, while also helping ourselves to thousands of 
police usernames and passwords (it's how Special Agent^ 

California D0j| 


~| at the 

]tfnit got humiliated last month). For two months, we 


passed around their private password list amongst our black hat comrades like it 
was a fat blunt of the dank shit, and now it's time to dump that shit for the 
world to use and abuse. Did you see that there were hundreds of 9doj.ca.gov 
passwords? Happy new years!! 


84 . /******************************************************************************* 

85. LIST OF SITES HOSTED BY CSLEA, NOW WIPED OFF THE NET !!! 

86 . ******************************************************************************* / 

87. 


88. Association of Conservation Employees (ACE) 

89. Association of Criminalists-DOJ (AC-D0J) 

90. Association of Deputy Commissioners (ADC) 

91. Association of Motor Carrier Operations Specialists (AMCOS) 

92. Association of Motor Vehicle Investigators of California (AMVIC) 

93. Association of Special Agents-DOJ (ASA-DOJ) 

94. California Association of Criminal Investigators (CACI) 

95. California Association of Food and Drug Investigators (CAFDI) 

96. California Association of Fraud Investigators (CAFI) 

97. California Association of Regulatory Investigators and Inspectors (CARII) 

98. California Association of State Investigators (CASI) 

99. California Organization of Licensing Registration Examiners (COLRE) 

100. California Association of Law Enforcement Employees (CALEE) 

101. California Highway Patrol Public Safety Dispatchers Association (CHP-PSDA) 

102. Fire Marshal and Emergency Services Association (FMESA) 

103. Hospital Police Association of California (HPAC) 


4.8k 
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.244. 

.245. 

.246. 

.247. 

.248. 

.249. 

.250. 

.251. 

.252. 

.253. 

.254. 

.255. 

.256. 

.257. 


/******************************************************************************* 


mn | | yc 


L0L0L0L SO MUCH FOR "ENCRYPTED MEMBER DATA". DAMNl frOU DID HALF THE WORK 
FOR US. AND DESPITE BEING AWARE OF THE BREACH, YOU STILL COULD NOT KEEP US OUT. 

ON TO THE NEXT TARGET NEW YORK POLICE CHIEFS, OWNED AND EXPOSED 111 

*******************************************************************************/ 


Soundtrack to the Rev #3: Cop Killer by Ice-T 

http : / /www . youtube . com/watch 7v=p5gRIud5 7 j Q 

I got my black shirt on. 

I got my black gloves on. 

I got my ski mask on. 

This shit's been too long. 


.258. I got my twelve gauge sawed off. 

.259. I got my headlights turned off. 

.260. I'm 'bout to bust some shots off. 

.261. I'm 'bout to dust some cops off. 

.262. 

.263. I'm a cop killer, better you than me. 

.264. Cop killer, fuck police brutality: 

.265. Cop killer, I know your family’s grieving, (fuck ’ernl) 

.266. Cop killer, but tonight we get even, ha ha. 

.267. 


.268. For our next owning we bring you multiple law enforcement targets in the state 
.269. of New York, who has been on our crosshairs for some time due to their brutal 
.270. repression of Occupy Wall Street. We also want to bring attention to the 1971 
.271. riots at Attica where in response to the murder of George Jackson, convicts took 
.272. over the priso, demanding humane living conditions. It is in this same spirit of 
.273. cross-country solidarity that we attacked police targets in NY. 

.274. 


.275. We’re dropping the md5-hashed passwords and residential addresses for over 300 
.276. Police Chiefs in the state of New York. We are also sharing several private mail 
.277. spools of a few NY police chiefs. While most of the contents of these emails 
.278. involve boring day to day office work and blonde joke chain emails, there were 
.279. also treasure troves of embarrassing personal information as well as several 
.280. "For Official Use Only" and "Law Enforcement Sensitive" documents discussing 
.281. police methods to combat protesters. 

.282. 


.283. Subject: Mid Hudson Chiefs Fwd: Demonstrators 
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rand Jury Subpoena for 


subpoena : 


The following is a summary of the results of the 


The results have been printed out and are attached to 
this document for the file. 


investigation on 01/11/2012 at San Diego, CA 
File# 288A-SD-73148 ' ( 


Date dictated 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. ^ j ^ 1 ff 
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UNCLASSIFIED 

FEDERAL BUREAU OF INVESTIGATION 


Pr ec edenc e : ROUT INE 

To: San Diego 

From: San Diego 

CYl 

Contact : SA 


Date: 01/26/2012 


Approved By: 
Drafted By: 


Case ID #: 288A-SD-73148 (Pending) 
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Title: UNSUB (S); 

# ANTI SEC; 


COMPUTER INTRUSION 


D- VICTIM; 


Synopsis: Close captioned investigation. 

Details: On November 18, 2011, retired California .Depart ment of 

Justice Special Agent Supervi snr I I advised 

that he received text messages from his own Google telephone 
number indicating that he had been "owned" . 

On November 18, 2011, a YouTube video was posted with 
the title "#AntiSec Fuck FBI Friday V - Cybercrime Investigator 
Communications" from the YouTube user account 
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b7C 


The video was 6:03 long and stated the 

following information, which was also posted as text below the 
video : 

"Greetings Pirates, and welcome to another exciting #FuckFBIFriday release. 

As part of our ongoing effort to expose and humiliate our white hat enemies, we targeted a Special Agent Supervisor 
of the CA Department of Justice in charge of i I We are leaking over 38,000 private 

emails which contain detailed computer forensics techniques, investigation protocols as well as highly embarrassing 
personal information. We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters 
(especially those who have been targeted by these scurvy dogs) while also making a mockery of "security 
professionals" who whore their "skills" to law enforcement to protect tyrannical corporativism and the status quo we 
aim to destroy. 


UNCLASSIFIED 
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UNCLASSIFIED 



To: San Diego From: San Diego 

Re: 288A-SD-73148, 01/26/2012 


We hijacked two gmail accounts belonging to | | who has been a cop for] [years, dumping his private 

email correspondence as well as se veral dozen voicemails and SMS text message lo gsTwhile just yesterday | | 


hist" 


1 friends, we were reviewing their 


was having a private BBQ with 
detailed internal operation plans and proc edure d ocuments. We also couldn't overlook the boatloa ds of embarrass ing 
personal information about our cop friendl Iwe lulzed as we listened to angry voicemails fron{ 


~| We turned on his google web history and watched him look up l ■ [ 

] We also abused his google voice account, making surel friends 


and family knew how hard he was owned. Pos sibly the most interesting content in his emails are the 
internal email list archives (2005-201 1) which[ 


[ 


I 


]The information in these emails will prove essential to 


those who want to protect themselves from the techniques and procedures cyber crime investigators use to build 
cases. If you have ever been bust ed for computer crimes, you should check to see if your case is being discussed 
here. There are discussions about! I 


These cybercrime investigators are supposed to be the cream of the crop, but we reveal the totality of their ignorance 
of all matters related to computer security. For months, we have owned several dozen white hat and law enforcement 
targets-- getting in and out of whichever high profile government and corporate system we please and despite all the 
active FBI investigations and several billion dollars of funding, they have not been able to stop us or get anywhere 
near us. Even worse, they bust a few dozen people wh o are allegedly p art of an "anonymous computer hacking 
conspiracy” but who have only used kindergarten-level] this isn't even hacking, but a form of electronic 

civil disobedience. 
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We often hear these "professionals" preach about "full-disclosure," but we are sure these people are angrily sending 
out DMCA takedown notices and serving subpoenas as we speak. They call us criminals, script kiddies, and 
terrorists, but their entire livelihood depends on us, trying desperately to study our techniques and failing miserably 
at preventing future attacks. See we're cut from an entirely different kind of cloth. Corporate security professionals 
like Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the public email discussion lists 
of Occupy Wall Street and profiling the "leaders" of Anonymous. Wannabe player haters drop shitty dox and leak 
partial chat logs about other hackers, doing free work for law enforcement. Then you got people like Peiter "Mudge" 
Zatko who back in the day used to be old school lOpht/cDc only now to sell out to DARPA going around to hacker 
conventions encouraging others to work for the feds. Let this be a warning to aspiring white hat "hacker" sellouts and 
police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing 
the 99%? We'll have to keep owning your boxes and torrenting your mail spools, plastering your personal 
information all over teh internets. 


Hackers, join us and rise up against our common oppressors - the white hats, the 1%'s 'private' police, the corrupt 
banks and corporations and make 2011 the year of leaks and revolutions! 

We are Anti-Security, 

We are the 99% 

We do not forgive. 

We do not forget. 

Expect Us!" 


UNCLASSIFIED 
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UNCLASSIFIED 


San Diego From: San Diego 

288A-SD-73148 , 01/26/2012 


A link was also provi ded on the YouTube page to the 
documents that were taken from account. The 


additionally, some of t 
account was posted at 


:ained within 



On November 30, 2011, California Department of Justice 
he FB I with a CD-ROM disc containing the files located 
These files are contained in a 1-A envelope to 
and are password protected with the following password 


responded to a Grand Jury 




lack of 


closed. 


Due to all victim information being destroyed and th e 


San Diego requests that captioned investigation be 


UNCLASSIFIED 
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~I was interviewed telephonicall y . 
being aavisel^o^the identity of the interviewing Agent , ] 
volunteered tfce following information: 
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Statement regarding the hijacking of my personal accounts: 


On Friday 1 1-18-201 1 , at approximately 0700 hours I was getting in my car and began 


receiving text m essages on my phone from my own Gooale teleo 


T 


This number is associated with my 


ihc 

_a 


one number of 
ccount of 


The messages stated that in essence, the senders had 
taken over my account and that they "owned" me. The messages were also directing 
me to a specific chat room (I already deleted the text) to contact them, otherwise they 
were going to post my email and personal information all over the Internet. I ignored 
them and they continued to harass me with incoming text messages. I checked via my 
smart Android based cell phone, and immediately noticed I no longer had access to my 
Google account, my Facebook account that was asso ciated with the same ema il 


address, and the yahoo account that was linked to my| ] The 

perpetrators continued to prod me to go to the chat room with threats of releasing the 
information, but I continued to ignore them. 
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When I arrived home at approximately 0730 hours, I went onto the Internet from what I 
believed to be a secure computer and via the specific providers websites followed their 
online protocols for recovering compromised accounts. It took approximately 1 hour, 
but I was successful in gaining access to all the compromised accounts and changed 
the passwords several times to prevent the intruders from following the same protocols. 
In the Google account, they harassed many of the contacts contained in my phone book 
with a variety of text messages. They posted personal emails from the email accounts 
around the Internet and made bold statem ents about compromising a Department of 

Some of the email in my sent folder included 


Justice!" 


| | They logged into my Facebook account and 

deleted most of my photos, changed configuration settings, posted numerous offensive 
comments and personal messages to various friends, as well as impersonated me in 
various chats. 
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I received a phone call fro m a Huffington Post reporter (didn’t get his name but seemed 
legitimate, ! I) at approximately 1400 hours the same day. He was excited 

when he initially called, like he was at the forefront of a big breaking story. He asked if 
I wanted to comment on the compromise that happened to me and told me he learned 
of it from people in a chat room. It appears he thought I was going to be some high 
ranking manager of a computer crimes unit and there were going to be damning thin gs 
in the data they stole. I quickly deflated his enthusiasm as I told him ! I 

I and that whatever they got was personal, but not 
embarrassing and I was not going to give in to their threats and intimidation by 
contacting them. I further told him that in the overall scheme of things, I was really 
nobody and it was insignificant to terrorize me for their cause. 

Following my recovery of the accounts, the perpetrators texted me and said it was not 
over yet. They made a comment about how tough economic times were and I should 
beware of my financial status. I made a check of my assorted banking and credit 






account that I deal with online and discovered a fraudulent charge made th at morning to 
Ritz camera for appro ximately $896.95. The purchase was made with my[ 


[ 


and was sc heduled to ship to an old mailing address a 


f I contacted 


]and they are cancelling the transaction 


and the account. There are no other know discrepancies at this time and have since 
place a credit block on my personal information. 


They continued to harass me via text and said they were releasing my telephone 
number to 150,000 followers on twitter, and hoped I wasn't busy. I received a few calls, 
but did only answered a few just to see what the callers had to say. Most just made 
ignorant comments and hung up. I disabled the gmail account, to avoid a backlog of 
voicemail as mv phone isl 

I I believe 

this tactic, along with not acknowledging them in the text or chat rooms frustrated them 
and kept them from calling or texting too much. There were a couple of texts from 

I that appeared to be sympathetic to me, wishing me well and hoping the 
hackers would be brought to justice. I ignored them as well, suspicious that the 
perpetrators were just testing to see if I was receiving their other harassment texts. 

I received only a few additional phone calls from mysterious numbers and harassment 
texts over the weekend. 


I desire prosecution. 
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ATT N:- Computer Intrusion 1 0 
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nit #2 


From:- San Francisco 

Squad CY-2/S a L n Jose RA 
Contact :- SA 


Approved By :- 
Drafted By: 
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Case ID #: 


.-sr-^% 


288A-SF-.NE# ’ (Pending) 
288A-SF-NEW-GJ (Pending) 


Title:- ANTI-SEC; 

UNSUB (S), et al; 
-IMAGESHACK - VICTIM; 
COMPUTER INTRUSION 


Synopsis:- To Open Case and subfiles. 



Details:- On October 8, 2Q#9, Special Agent 
with employees of IMAGESHACK located at 23X North Santa Cruz 
A venue, Los Gatos. California r _95030T to discuss two reCetaT 
computer intrusions of IMAGESHACK servers. IMAGESHACK is a 
company which provides internet image hosting. 



met 
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IMAGESHACK advised SA l I that the first computer 
intrusion occurred on July 10, 2009 at approximately 7 pm Pacific 
Standard Time (PST) .. A group by the name of ANTI-SEC gained 
access to one of the company database servers. The server the 
hacker (s) accessed contained | 



able to I 


[ The hacker (s) were also b7E 


1 


] In addition, the hacker (s) posted a message on t 


hie 


internet which claims the ANTI-SEC is a movement dedicated to the 
eradication of full disclosure. Their message further explained 
they plan to achieve this "through the full and unrelenting, 
unmerciful elimination of all supporters of full-disclosure and 
the security industry in its present form. " 




OH) 


b6 

b7C 







. W 



To:- 

Re:- 


y * 


San Francisc 
288A-SF-NEW, 




From:- San 
10/08/2009 


Francisco 



IMAGESHACK advised this computer intrusion affected 
approximately 50 million images and every user that was on their 
site at the time viewing -images. IMAGESHACK is still not sure 
how the hacker got into their database but believe 
I I After this attack, they went throuan tneir 


serversl 


On August 2, 2009, IMAGESHACK believes the same 
hacker (s) came back and gained access to their servers again. 
IMAGESHAC K has 'full and complete logs. It is apparent the 
hacker (s) I I 


IMAGESHACK believes in the first com 
Julv 2009, the hacker (s) accessed one database 

puter intrusion in 



1 IlMAGESHACK believes the hacker(s)l \ 



IMAGESHACK estimates their losses at approximately 



$26,000. 


b6 

b7C 

b7E 


b6 

b7C 

b7E 


b6 

b7C 

b7E 


It is requested that the following subfiles be opened:- 


Grand Jury 


SUB GJ 


It is requested that the new cas^ and subfiles be 
opened and assigned to SA 


b6 

b7C 


♦ ♦ 


2 





10/21/09 

12:08:07 



Title and Character of Case:- 
ANTI SEC 


’ FD-192 


ICMIPR01 
Page l 


Date Property Acquired :- 
10/08/2009 


Source from whi ch Property Acqui red :- 
IMAGBSHACK, C/O l ~l 263 N. SANTA CRUZ 

263 N SANTA CRUZ AVE #100 
LOS GATOS CA 95030 


b6 

b7C 


Anticipated Disposition:- Acquired Bv:- Case Agent: 


Description of Property:- Date Entered 

.IB 1 

SIX (6) HARD DRIVES :- 

-THREE (3) WESTERN DIGITAL S/N WMAP4 1239964 , S/N WMAKH1252071. 

AND S/N WMAKE 2 153028 

-two (2) Hitachi s/n ckc4U9se, s/n ckc5H4Me 

-ONB(l) SAMSUNG S/N S09QJ1UL218644 
ONE ( 1 ) HITACHI 

Barcode:- E4189643 Location:- SJECR PRES S3 10/09/2009 


^ - 4 e/y- 4(k||u 


Case Number:- 288A-SF-145486 
Owning Office:- SAN FRANCISCO 


ci8SA. if-(4S^ . I0.-LJ-- 



08/19/10 

19:29:55 


4 


€ 


"PD -192 


Title and Character of Case: 
ANTI SEC 


Date Property Acquired:- Source from which Property Acquired: 

SV-RCFL 

08/19/2010 


I CM I PRO 1 
Page 1 


Anticipated Disposition 


Description of Property :- 
IB 2 




Case Agent 



ONE (1) CD LABELED SV- 09- 01 62 (DERIVATIVE EVIDENCE OF 1B1) 


Barcode:- E4 189947 


Location:- SJECR 


PRESS3 



Date Entered 


08/19/2010 


^ falcAuxCCs' [p\A . W-s I pp . ( <{L e f 


Case Number:- 288A-SF-145486 
Owning Office:- SAN FRANCISCO 


qeqtC- 1&2. 
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FD-302 (Rev. 10-6-95) 


FEDERAL BUREAU OF INVESTIGATION 


Date of transcription TQ/09/2009 

On October 8, 2009, | I was interviewed at 

his place of employment, IMAGESHACK, located at 236 North San Cruz 
Avenue, Suite 100, Los Gatos, California, 95030, telephone number 
408-836-8579. After_balnn. advised of the identity of the 
Interviewing agent, provided the following information:- 

On July 10, 2009 at approximately 7:00 p.m., IMAGESHACK 

servers were hacked. .The hacker (s) we re able to get into the 

ins 


| | indicated the user 

This sever also contained 





L I -indicated IMAGESHACK does not collect or mainta in any credit b7c 

nerd in formation | I However. b7E 

Utateri the hanker f.s) would have had |_ I 

advised that from that server, the 
nacKercsi i I Ultimately, the 

hacker (s) I I 

| I I advised this affected every 

d$dr ob Sitb VibWibg images and approximately 50 million images. 

He Indicated IMAGESHACK user images we re repla ced with this 
propaganda message for several hours. I I said this caused 

quite a stir on the internet as it affected many website 
backgrounds as well. I l advised a group named ANTI-SEC claimed 

responsibility for the hack of IMAGESHACK on the internet. 


hack was a result of an 



| He 


ar.k. tthfi f.p»r:hni 1 team at IMAGE 

SHACK 1 



back. 


On August 2, 2009, 1 I indicated the hacker (s) came 

He advised the staff at IMAGESHACK believes it was the same 


hacker (s) Wf 
was able to] 


It appeared the 


Investigation on 09/08/2009 
File * 288A-SF-145486 <^ 
by SA 


Los Gatos, California 

Date dictated NA 


This document contains neither recommendations nor conclusions of the FBI It is the property of the FBI and is loaned to your agency; 
it and its contents are not to he distributed outside your agency. 
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288A-SF-1 45486' 



$26,450. 


He stated the estimated company losses are approximately 


| | provided one Computer Disk (CD) labeled IMAGESHACK 

ANTISEC which he did not want -returned that contained copies of an 
overview of the hac ks, the ANTI -SEC jpg image posted to the 
servers/ email : f rom [~ regarding the identity of the 

hacker (s), and chat logs from IMAGESHACK staff during the August 2, 


2009 attack. 


| | provided six. hard drives to S.A| | and 

signed an FD-^4.3 Consent to Search Computer (s) form for these six 

hard drives. | |was also provided and signed an FD- 

597 United States Department of Justice, Federal Bureau of 
Investigation, Receipt For Property "Received. The fd-94i and "FD-- 
597 and CD have been placed in a 1A > envelope and- sent "to the .file. 


b6 

b7C 




(Rev. 65-01-2008) 

(£) 


CLASSIFIED BY NSICG/J9«6*J4T52 
REASON: 1.4 <c> 

DECLASSIFY ON: m-2 1™2«38 
BAT!: 


s 




llil INFORMATION CONTAINED 
HEREIN IS DNCL AS 511111 EXCEPT 

tarn snow otherwise 

bl 

b3 


FEDERAL BUREAU OF INVESTIGATION 


(S) 


m 

(U) 


Precedence: ROUTINE 

To: San Francisco 


Date: 11/03/2009 


Attn: SA 

SA 


:y-2 
, CY-3 


From: San Francisco 

Oakland RA 
Contact: 


1-2 and CY-3 


Approved By: 
Drafted By: 


Case ID # : I I 

(0) 288 J-SP-141890 (Pending) 

(U) /2 8 8A- SF- 14548 6 —3 


b6 

b7C 


bl 

b3 


Title:- 


DEATH IS COMING FROM THE EAST; 
UNSUB (S) ; 

CI/CT - TNI I 


WORLD DEFACERS, 
UNSUB (S) ; 

CT - TNII 
00:SF 


(U) 



(U) 


Synopsis: 

Anti-Sec. 


Anti -Sec 
UNSUB (S) ; 

I MAGE SHACK - VICTIM 

^ Identification of possible founding member of 


D^?Tved--Freg^- ^ FBI ^ STgGG^009-QFXS 
Deel«ss±fy _ 'Cn: 20341103 


(Si 

(U) 

(Si 

(S) 


Reference: 



^£^288A-SF-145486 Serial 1 




bl 

b3 



T//NOFORN 




(U) Open 
Anti -Sec hacked 



no information that 


San Francisco divisionL 


I A nacKmg group 

named Anti -Sec gaine d access to one of the company's databa se 
servers and accessed I I 

[ The hackers 

changed the server settings to redirect every image to a 
hacker logo. The hackers posted a message claiming that the 
Anti-Sec group is dedicated to the eradication of full 
disclosure by eliminating the cyber security industry. 
(288A-SF-145486, Serial : 1) 


(U) Anti-Sec claimed that a 


An identifier 


1 _J further stated that Antr-sec rapricace ct 

the claim of l I 

White-Hat Hacker and Cyber Security Communities. Open source 
research r evealed that several large web hosting companies 
considered I _ I 

(800A-HQ-C1591622-NOADMIN, Serial : 20010) . 



( 8 00A-HQ-C1591 622 -NOADMIN, Serial 20010) 


SfeSRET//NOFORN 


2 






ET//N0F0RN/4 


P 


To:- 
Re : 


San Pranr 1 ^ «rr> Prnm • San Pranniarn 


LEAD (s) s 

Set Lead 1: (Info) 

SAN FRANCISCO 

AT SAN J'OSB 

(U) Read and Clear. 


♦♦ 


S^4t//N0F^H/[ 



I* 

l t * 

*■ 


(Rev. 05-01-200$) 


• • 

UNCLASSIFIED 

FEDERAL BUREAU OF INVESTIGATION 


i Precedence:; ROUTINE * Date: : 11/10/2009 

To:- San Francisco 


b6 

b7C 


Title:- ANTI-SEC; 

UNSUB (S) ; 

IMAGE SHACK - ‘VICTIM; 
COMPUTER INTRUSION 


From:- San .Francisco 

Squad CY2/Sa 

Contact: SA 

Approved By: 

Drafted By: 


t 


Jose RA 


Case ID #: : 288A-SF-I45486 (Pending 




'Synopsis:- To Report US .Attorney Office concurrence for new case 
opening . 




.Details:; On October S, 2009, Special Agent (SA) 
emailed Chief Assistant United State s Attorney ,(AUSA ) for .the 
Computer Intrusion and Hacking Unit,. ! I regarding 

concurrence for new 'captioned Investig ation. The email contained 


a summary of the case information. SA|_ ] was contacted 

telephonical'ly and granted concurre nce regarding captioned 
investigation and advised that AUSA | |would be 

assigned the case. 


Attached andimade a part of this document is the email 

to AUSA I 



UNCLASSIFIED 




b€ 

b7C 



UNCLASSIFIED 


FD-J42 (Rev. 03-23-2009) 




FEDERAL BUREAU OF INVESTIGATION 


'Precedence:- ROUTINE Date:- 11/13/2009 

To:- San Francisco 


From :- San Fra n c i s co 

Squad CY2/Sa n Jose RA 

Contact : SA 


Approved By:- 


Drafted By:- 




Case ID 


2 8 8 A- SF-1 4 5 4 8 6 




<7 


Title: ANTI-SEC; 

UNSUB (S) , et al; 
IMAGESHACK - VICTIM; 
COMPUTER INTRUSION 


b6 

b7C 


Synopsis : ; To Claim Statistics. 


Details:- On September 16, 2009, Special Agent (SA)I 

telephonically spoke to the victim company, Image shack, 
.regarding captioned matter and set a date to meet in person. 


On October 8, 2009, SA 


met with 


Imageshack and obtained the detailed information about the 
captioned computer intrusions. Possible subject (s) have been 
identified. 


of 


On November 13. 2009. SA 


b6 

b7C 

b7E 


UNCLASSIFIED 





UNCLASSIFIED 




To: San Francisco From:- San Francisco 

He:- 288A-SF-145486, 11/13/2009 


Accomplishment Inf ormation :- 

Number:- 2 

Type:- CIP 2703(f) ORDER SERVED 
ITU:- CIP 

ITU:- LIAISON WITH OTHER AGENCY 

Claimed By:-i 1 

SSN :- 

Name:- |_^ 

Squad :- CY2 


Number:- 2 

Type: CIP SUBJECT IDENTIFIED 

ITU:- CIP 

ITU:- LIAISON WITH OTHER AGENCY 

Claimed Byt 

SSN:- 

Name :- 1 

Squad:- CY2 


b6 

b7C 


Number:- 2 

Type:- CIP VICTIM CONTACTED/ INTERVIEWED 
ITU:- AGENT INTERVIEW 
-ITU:- CIP 

ITU :- INDIVIDUAL/NON-INFORMANT 
ITU:- .LIAISON WITH OTHER AGENCY 

Claimed By:-, , 

SSN:- 

Name:- 

Squad:- CY2 


♦♦ 


UNCLASSIFIED 


2 
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■1 

FEDERAL BUREAU OF INVESTIGATION 


Date of transcription . .12/09/2009. 

On 'December 8. 2009. Special Aaentf 
a facsimile fromL 


received 



aforementioned facsimile had been attached and is made a part of 
this, document.; 


i 


investigation on 12/08/2009 at, Campbell, California 


File. # 288A-SF-145486|^^ 

Date dictated. 'NA 



- 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
at and its contents are not to he distributed outside your agency, 


b6 

hlC 

b7E 


b6 

b7C 

A 



fD-302<Rcv,l<H-$5) 




i 



il: 

FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 03/02/2010 

On January 23, 2010, Special Agent f SA) I I 

rnripivpH a rpcrmncp sH a Tp tr> al I 



The above referenced letter had been attached and Is made 
a part of this document. 


investigation on 01/23/2010 at Campbell, California (via facsimile) 


File # 288A-SF-14548S - JJ £ 
by SA| ~| 


Date dictated 

b6 

b7C 


NA 





This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and Us contents arc not to he distributed outside your agency. 
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UNCLASSIFIED' 

FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date:- 01/14/2010 

To:- San Francisco 


;From: San Francisco 

Squad . CY 2 / San Jose RA 

Contact: SA 


Approved By: 
Drafted- By: 


Case ID #:- 288A-SF-145486 : (Pendinglxj^" 


b6 

b7C 


-Title :- ANTI-SEC; 

ON SUB (S) , et a 1 ; 
JMAGESHACK - VICTIM; 
COMPUTER INTRUSION 


Synopsis:- To Claim Statistics. 

Details:- On January 12. 2010. Special Agent (SA) I I 


On October 8, 2009, Imageshack provided SA | 1 with six 

hard drives and consent r to search those hard drives. 


UNCLASSIFIED 



UNCLASSIFIED 






To:- San Francisco From:- San Francisco 
-Re:; 288A-SF-145486,. 01/14/2010 


Accomplishment Information : : 


Number:- 1 

Type:- CIP 2703(f) ORDER SERVED 
ITU:- CIP 

ITU:- LIAISON WITH, OTHER AGENCY 

Claimed By* 

SSN : 

Name : : | 

Squad:- CY2 


Number:- 8 

Type:- CIP VICTIM 'CONTACTED/JNTERVIEWED 
ITU:- CONSENSUAL SEARCH 


Claimed By:- 
SSN :-' 
Name :- 
SqUad 


"CY2" 


b6 

b7C 




UNCLASSIFIED 


2 
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• • 

iL‘ 

FEDERAL BUREAU OF INVESTIGATION 


Pate of transcription 



On April 27 . 2012. Specia l Agent | | returned 

six hard, drives to| | at his place of employment 

IMAGESHACK, 236 Santa Cruz Avenue , Los Gatos, California, 95030. 
copy of the signed FD-597 United States Department of Justice 
Federal ’bureau of Investigation Receipt for Property 
Received/Returned/Released/Seized had been placed in a 1A envelop 


and sent to the file. 


A 


b6 

b7C 



This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to he distributed, outside yew agency. 



UNCLASSIFIED 


FEDERAL BUREAU OF INVESTIGATION 


Precedence: ROUTINE Date: 04/27/2012 

To: San Francisco 


From: San Francisco 

Squad CY2/San t Jose RA 
Contact : SA 


Approved By: 
Drafted By: 




Case ID #: 288A-SF-145486 (Closed) 




b6 

b7C 


Title: ANTI-SEC; 

UNSUB (S) , et al; 
IMAGESHACK - VICTIM 
COMPUTER INTRUSION 


Synopsis: To Close Captioned Case. 

Details: Assistant United States Attorney (AUSA) 


(SA) 


Special Agent 
investigation_and. its status on numerous occasions 


and 


2012, AUSA 
be closed. 


SA 


1 


have discussed captioned 

On March 16, 

f uired via email if captioned investigation cou 
advised that since there are no good subject 
internet protocol (IP) addresses and no good follow-up leads or 
information from current sources, captioned investigation should be 
closed. 


The evidence obtained in this investigation did not derive 
enough probable cause to resUlt in the identifi cation of a subject for 
a prosecUteable offense. On April 18, 2012, SA | y| received a 3 

letter from the United States Attorney's Office stating that their 
office has closed the investigation. The abovementioned letter has 
been attached and is made a part of this document- 


On April 27, 2012, SA 


returned the hard drives 


provided by Imageshack as evidence in captioned case back to the 
victim company. 


It is recommended that captioned case be closed and that ths 
evidence collected on captioned case be destroyed and/or returned 

UNCLASSIFIED 


^[Op II 


2 - 







V 


• • 

UNCLASSIFIED 

To:- San Francisco From:- San Francisco 
Re: 288A-SF-145486, 04/27/2012 


pursuant to FBI policy. There; are no pending leads or further 
investigation required on captioned case.: 


♦♦ 


UNCLASSIFIED 


2 




U.S. Departnu^^of Justice 

iUnited States Attorney 
Northern District of California 


Special Agent 

150 Almaden Boulevard, Suite 900 
San Jose, California ' 95115 

April 18, 2012 

DD: (408) 555-5061 
FAX: (408) 555-5066 

Federal Bureau of Investigation 
1919 S. Bascom Avenue, Suite 400 


b6 

b7C 

Campbell, CA 95008 




RE: ImaeeShack Intrusion 


Dear Special Agent 


This letter is to confirm that my office has closed the investigation into the ImageShack 
•intrusion by a group known as Anti : Sec. Based on our conversations, you have conducted an 
exhaustive investigation and have been unable to identify the individual responsible for the 
intrusion. If you find new evidence, please resubmit the case for prosecution. 

I appreciate all of your wo rk on the case. Ple ase do not hesitate to contact me if you have 
any questions. l ean be reached aj 


■Very truly yours, 

MELINDA HAAG 
United States Attorney 


Assistant United States Attorney 



l 
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Case ID: 288A-SF-145486-1A 


1A Envelope 


ORIGINAL NOTES RE INTERVIEW OP| I 

FD-597 RECEIPT FOR PROPERTY; FD-941 CONSENT TO SEARCH 
COMPUTERS; ONE CD WITH PRINTED COPIES 



SILICON VALLEY RCFL REPORT OF EXAMINATION DATED 11/17/2009; ! 
AND 08/09/2010 AND RETURN TO AGENCY RECEIPT DATED 08/19/2010 ! 
(NO REFERENCE SERIAL) ! 


-ORIGINAL PACKAGE COPY FD192 (CHAINS OF CUSTODY) lA'D 
-ORIGINAL 1B2 ENCLOSED 


-ORIGINAL PACKAGE COPY FD-192 OF 1B1 (EVIDENCE RETURNED) 
-COPY OF A SIGNED FD-597 


FD-597 RECEIPT FOR PROPERTY RETURNED TO 
IMAGESHACK ON 4/27/12 (REF SERIAL 14) 


I 





*U.S. GPO: 2004-307-714/90013 


FD-597 (Rev 8-11-94) 


File # 


UNITED STATES DEPARTMENT OF JUSTICE 
FEDERAL BUREAU OF INVESTIGATION 
Receipt for Property Received/Returned/Released/Seized 


On (date) 


(Name) 

(Street Address) 
(City) 


item(s) listed below were: 
JS^ Received From 
[j Returned To 

□ Released To 

□ Seized 



Description of Item(s): 



FD-941 (2-26-01) 


CONSENT TO SEARCH COMPUTER(S) 


i. 


have been asked by Special Agents of the 


Federal Bureau of Investigation (FBI) to permit a complete search by the FBI or its designees of any and all computers, 
any electronic and/or optical data storage and/or retrieval system or medium, and any related computer peripherals, 
described below: 

g? H-prg-Pts^gr : . 


r 


rPTI Make Model Ri Serial NnmheZ /if available^! 


Storage nr Retrieval Media rnmnnter Perinherak 


_b6 

b7C 

b7E 


and located at 


jWhich I own, possess, 


control, and/or have access to, for any evidence of a crime or other violation of the law. The required passwords, logins, 
and/or specific directions for computer entry are as follows: 


I have been advised of my right to refuse to consent to this search, and I give permission for this search, freely 
and voluntarily, and not as the result of threats or promises of any kind. 



b6 

b7C 


Location 



July 10 th Hack 


On July 10th, at approximately 7 pm PST, ImageShack’s services were compromised by a hacking 
group named anti-sec. 

The first user complaint came in at 6:59pm pst. 

Anti-sec gained access to one of our database servers. 


Server named: 



They posted this message after the attach on multiple security threads: 


This message linked back to the antisec's website: 


On Thu, 23 Jul 2009 we received an email from| 

provided some information on his site which was also hacked by the same group. 


which he 


b6 

b7C 

b7E 


email_ffom 

email_from 

attachment: 


Anti-Sec info 

The group we believe has at least two members 


some website registered under 



August 2 Hack 


On August 2 early in the morning about 12:50am pst we were compromised again. They were unable to 
effect users as we stop them in time. We have chat logs of our employee included. 


Chat logs: 


b6 

b7C 

b7E 


Estimated company loses 



/ l_l__l 

\__ \ / \ __\ I / // __ \_/ \ 

/ \l I \ I I I / / \ \\ A \ 

c / i /__l l__l / >\ >\ 

V V V V V 


> 


Proudly presents... 


C_) 


1/ / 

1 1 '_ ' _ \ / 1/ 

1/ 

_ V 

/ __l 

1 \ 

1/ __l 


1 1 1 II 1 1 (.1 1 (_l 

1 

__/ 

\__ \ 

I ll C-l l 

C-l < 

\_\ 

IJJ U !_l\ ,_I\ , 

IV 

1 

1 / 

LI 1 _ I \ , 

_l\. LI 


__/ I 
I / 


Anti -sec. We're a movement dedicated to the eradication of 
full-disclosure. We wanted to give everyone an image of what we're 
all 

about. 

Full-disclosure is the disclosure of exploits publicly - anywhere. 
The 

security industry uses full-disclosure to profit and develop 
scare-tactics to convince people into buying their firewalls, 
anti-virus software, and auditing services. 

Meanwhile, script kiddies copy and paste these exploits and compile 
them, ready to strike any and all vulnerable servers they can get a 

hold 

of. If whitehats were truly about security this stuff would not be 
published, not even exploits with silly edits to make them slightly 
unusable. 

As an added bonus, if publication wasn't enough, these exploits are 
mirrored and distributed widely across the Internet with a nice 

little 

advertisement embedded in them for the crew or website which first 


exposed the vulnerability to the public. 

It's about money. While the world is difficult to change, and money 

will 

certainly continue to be a very important in the eyes of many, our 
battle is that of the removal of full-disclosure for the purpose of 
making it harder for the security industry to exploit its 
consequences. 

It is our goal that, through mayhem and the destruction of all 
exploitive and detrimental communities, companies, and individuals, 
full-disclosure will be abandoned and the security industry will be 
forced to reform. 

How do we plan to achieve this? Through the full and unrelenting, 
unmerciful elimination of all supporters of full-disclosure 
and the security industry in its present form. If you own a 

security 

blog, an exploit publication website or you distribute any 
exploits. . . 

"you are a target and you will be rm'd. Only a matter of time." 

This isn't like before. This time everyone and everything is 

getting 

owned . 


Signed: The Anti -sec Movement 

"No images were harmed in the making of this... image. 
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Replacing images... 
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If you think that we oppose your website, our advise is to pack it up and 
shut it down, because we're coming for you. 


- anti-sec. 
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Silicon Valley Regional 
Computer Forensic Laboratory 


4600 Bohannon Drive 
Suite 200 
Menlo Park, CA 94025 



REPORT OF EXAMINATION 


To: San Francisco 

San Jose RA 

saT~ 


Date: August 9, 2010 

Case ID No.: 288A-SF-145486 

Lab No.: SV-09-0162 


Reference: Communication (Request for Service) dated October 20, 2009 
Imaging Report dated November 17, 2009 

Ref. No.: N/A 

Title: ANTISEC UNSUBS ; (V) IMAGESHACK 


b6 

b7C 


Date specimen received: October 21 , 2009 


Specimens: 


b6 
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Request: 


On October 20, 2009, Special Agent 


Federal Bureau of 


Investigation, requested that the above noted specimens, property of ImageShack, be 
examined pursuant to a signed consent form. She requested that the following items 
be searched for, identified (if present), documented, and reported on by the SVRCFL: 


1) Hacking rootkits and logs 

Summary of Examination: 

Attached and made part of this report is Imaging Report dated November 17, 2009. 
While this report addresses the examination processes, the attached Imaging Report 
addresses the imaging of the submitted evidence. 


Enclosures: 0 
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These files were exported to a digital report. The other hard drives provided did 
not contain anything that appeared to be relevant. 


Details of Examination: 


SA | 1 provided thq 


Legal authority 

for the examination was provided as a signed consent form that was reviewed by the 
examiner prior to starting the examination. 


FH 


performed: 


used the examination image for review. The following processes 


were 


i; 

2: 
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Derivative Evidence: 


Disposition of Evidence: 


1) 

2 ) 


All original items. 


lo be returned to submitting agency. 


288A-SF- 145486 
SV-09-0162 
Page 2 of 3 


For Official Use Only 
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until its released to the investigator with this report. 

4) Special handling instructions include: 

a. All files contained on this DVD have the potential to contain viruses and other 
malicious code exported from the examined computer media. Therefore, this 
DVD should not be viewed on any networked computer OR any computer 
connected to the Internet. It is recommended this DVD only be viewed on a 
standalone workstation designed for the purpose of evidence review. Please 
consult your systems administrator for assistance and guidance. 

b. In certain investigations, files and information containing contraband such as 
pornographic images and trade secrets may have been discovered and copied onto 
this DVD. This can also include pornographic and obscene images of children. 
Extraordinary care must be taken to safeguard this material and properly secure it 
when not being used for investigative or legal purposes. The SVRCFL 
recommends this DVD be secured in appropriate storage, such as an evidence 
facility, when not being reviewed by the investigator. 

c. File attributes such as time/date stamps are dependent on several factors such as 
computer date/time settings and time zones. Where possible and feasible, 
date/time attributes have been preserved and details can be found in the electronic 
report contained herein. 

d. THIS DVD SHOULD NOT BE DUPLICATED or DISSEMINATED to parties 
outside of the requesting law enforcement agency or prosecutor's office without 
first consulting with Silicon Valley RCFL. 

e. This DVD is intended primarily for law enforcement and prosecution use. It is not 
recommended that this DVD work product be used for evidentiary hearings, trials, 
or other official proceedings. If any contents of this DVD are needed for a legal 
proceeding, the Silicon Valley RCFL should be contacted so that die relevant 
items can be provided in a form suitable for these purposes. 


Examiner: 


Silicon Valley Regional Computer Forensic Lab 
Computer Analysis Response Team 
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Silicon Valley Regional 
Computer Forensic Laboratory 


4600 Bohannon Drive 
Suite 200 
Menlo Park, CA 94025 



REPORT OF EXAMINATION 


To: 


San Francisco 
San Jose RA 

s.aJ 


Date: November 17, 2009 

b6 

Case ID No.: 288A-SF-145486 b 7< 

Lab No.: SV-09-0162 


Reference: Communication (Request for Service) dated October 20, 2009 
Ref. No.: N/A 


Title: Image Shack 


Date specimens received: October 2 1 , 2009 


Specimens: 


Request: 
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Refer to the final Report of Examination for information on services requested. This 
report relates to the imaging processes only. 

Summary of Examination: 

Digital evidence media items were imaged to media to be retained as archives, and to 
staging media for future forensic examination by an assigned forensic examiner. 


Enclosures: 0 
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Details of Examination: 




Prior to conducting any forensic process, I reviewed the legal authority, presented as 
a "Consent to Search" form. 

Upon submission to the SVRCL, each submitted item was inventoried. As part of the 
inventory process, each item was assigned a unique SVRCFL bar code, and was 
entered into the SVRCFL evidence system. Where appropriate, make, model, and 
serial number for each imaged item was recorded, and each item was digitally 
photographed. 

To preserve the original evidence and minimize any risk of damage to the original, an 
exact copy of the user-accessible data located on the evidentiary items was created 
onto staging media. (The exact copy will hereafter be referred to as an image.) The 
images were created using approved and appropriate forensic imaging software to 
write to forensically clean staging media prepared for use in an examination. Unless 
otherwise noted, the original evidence was write-protected using a hardware- write 
protection device to prevent any unintentional or accidental destruction or 
modification of the original evidence. An archive copy was also made using 
approved and appropriate software. 

The staging media will be used in the examination phase to further satisfy the request, 
while the archive copy will be retained in the SVRCFL evidence control room in 
order to preserve the evidence should it be required in the future for authentication or 
court processes. 
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| All the original evidence was returned to the SVRCFL evidence control 

room. 

The following processes were performed during imaging of the original evidence: 

Physical Examination of Evidentiary items 
Write Protect Media 

Hardware Geometry and System Information 
Create Image 
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SV-09-0162 
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Verification 


* 


Items imaged: 
1.1 
2 . 

3. 

4. 

5. 

6 . 


Derivative Evidence (DE) generated during the course of this examination includes 
the fol lowing: 
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Stagi ng media used during the course of this examination includes the following: 

if 


Disposition of Evidence: 


All original evidence items returned to the SVRCFL evidence control room. All DE 
items will be retained in the SVRCFL evidence control room for a period of five 
years in order to preserve the evidence in the event additional forensic processes or 
legal proceedings require its use. After this time, the DE will be returned to the 
requestor’s agency for disposition. 


This imaging of this case is complete. The staging media will be given to an 
examiner for additional forensic processing. 


Examiner: 


Silicon Valley Regional Compter Forensics Lab 
Computer Analysis Response Team 
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Silicon Valley RCFL Return to Agency Evidence Receipt 


Regional Computer Forensics Laboratory 

4600 Bohannon Drive Suite 200, Menlo Park CA 94025 
650-289-3000 FAX: 650-289-3050 



SV-09-0162 


Evidence Details 

Total number of evidence items processed on this receipt: 9 


Description: 

Media Container: Accordion Folder 
Storage Location: [Undetermined] 

Make: 

Model: 

Serial Number: 

Case ID / Lab number: 
SV-09-0162 

Agency Case Number: 
288A-SF-1 45486 

Lab Designation / Designation Expl.: 
Not Examined (NE), [No designation 
explanation] 

Intake Container / Seal: 
None / None 

ECF Container / Seal: 
Plastic Bag / Heat Seal 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 

, lYlaKs; . 

Model: 

r» ! 

1 1 


Case ID / Lab number: 

i i 

SV-09-0162 

Agency Case Number: 

Lab Designation / Designation Expl.: 

288A-SF-1 45486 

Questioned (Q), [No designation explanation] 

Intake Packaging: 

ECF Container / Seal / Packaging: 

[Not recorded] 

[Not recorded] 

Intake Damage: 


[No damage recorded] 

Tracking Number: 



Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 

1 Make: 




r“" i 

Case lb i Lab number: 
SV-09-0162 

Agency Case Number: 
288A-SF-1 45486 

Lab Designation / Designation Expl.: 
Questioned (Q), [No designation explanation] 

Intake Packaging: 
[Not recorded] 

ECF Container / Seal / Packaging: 
[Not recorded] 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Property / Evidence Receipt 


bate/Time 

Released By 

Received By 

Date /Time 
06/19/2010 
12:30 PM 

| f SVRCFL (Phone: 000-000-0000) * 
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Silicon Valley RCFL Return to Agency Evidence Receipt 


Regional Computer Forensics Laboratory 

4600 Bohannon Drive Suite 200, Menlo Park CA 94025 
650-289-3000 FAX: 650-289-3050 


Evidence Details 

Total number of evidence items processed on this receipt: 9 


SV-09-0162 


Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 


Model: 

ii 

1 

Serial Number: 

Case Id 1 Lab number: 
SV-09-0162 

Agency case Number: 
288A-SF-1 45486 

Lab Designation / Designation Expl.: 
Questioned (Q), [No designation explanation] 

Intake Packaging: 
[Not recorded] 

ECF Container / Seal / Packaging: 
[Not recorded] 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 


Model: 




case ID / Lab number: 
SV-09-0162 

Agency Case Number: 
288A-SF-1 45486 

Lab Designation / Designation Expl.: 
Questioned (Q), [No designation explanation] 

Intake Packaging: 
[Not recorded] 

ECF Container / Seal / Packaging: 
[Not recorded] 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 



r* i 

1 

Serja l Number: 

Case ID / Lab number: 

1 1 

SV-09-0162 

Agency Case Number: 

Lab Designation / Designation ExpL: 

288A-SF-1 45486 

Questioned (Q), [No designation explanation] 

Intake Packaging: 

ECF Container / Seal / Packaging: 

[Not recorded] 

[Not recorded] 

Intake Damage: 


[No damage recorded] 

Tracking Number: 



Property / Evidence Receipt 


Date/Time 

Released By 

Received By 


Date /Time 
08/19/2010 
12:30 PM 

| fVRCFL (Phone: 000^)00-0000) * 

FBI (Phone: 


Slg 


ndlcates the Witness acted as an 


Document Generation Date: 08/19/2010 
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* Silicon Valley RCFL Return to Agency Evidence Receipt 


Regional Computer Forensics Laboratory 

4600 Bohannon Drive Suite 200, Menlo Park CA 94025 
650-289-3000 FAX: 650-289-3050 


Evidence Details 

Total number of evidence items processed on this receipt: 9 




Description: 

Hard Drive: HDD 

Storage Location: [Undetermined] 

Bflakai 







Case ID / Lab number: 
SV-09-0162 

Agency Case Number: 
288A-SF-1 45486 

Lab Designation / Designation Expl.: 
Questioned (Q), [No designation explanation] 

Intake Packaging: 
[Not recorded] 

ECF Container / Seal / Packaging: 
[Not recorded] 

Intake Damage: 

[No damage recorded] 

Tracking Number: 


Description: 

Media Container: plastic bag 
Storage Location: [Undetermined] 

Make: 

Model: 

Serial dumber: 

Case ID / Lab number: 
SV-09-0162 

Agency Case Number: 
[No Agency Case Number] 

Lab Designation / Designation Expl.: 
Not Examined (NE), [No designation 
explanation] 

Intake Container / Seal: 
None / None 

ECF Container / Seal: 
Paper Bag / Heat Seal 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Description: 

DVD: digital report 

Storage Location: [Undetermined] 

Make: 

Model: 

Serial Number: 

Case Id / Lab number: 
SV-09-0162 

Agency Case Number: 
[No Agency Case Number] 

Lab Designation i Designation Expl.: 
Derivative Evidence (DE), [No designation 
explanation] 

Intake Packaging: 
[Not recorded] 

ECF Container / Seal / Packaging: 
[Not recorded] 

Intake Damage: 

[No damage recorded] 

Tracking Number: 



Property / Evidence Receipt 


Date/Time 

Released By 

Received fey 

Date /Time 
0 S/1 9/2010 
1230 PM 

Name/Agcncy 

Jann Hayes , SVRCFL (Phone: 000-000-0000) * 

Name/Agency 

Melanie Adams , FBI (Phone: 

408-998-5633) 
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08/19/10 

19:29:55 

Title and Character of Case 
ANTI SEC 


FD- 192 


ICMIPR01 
Page 1 


Date Property Acquired: Source from which Property Acquired: 

SV-RCFL 

08/19/2010 


Anticipated Disposition: Acquired 


Case Agent 


Description of Property: 

IB 2 

ONE ( 1 ) CD LABELED SV-09-0162 (DERIVATIVE EVIDENCE OF 1B1) 


Barcode: E4189947 


Location: SJECR 


PRESS3 


Date Entered 


08/19/2010 


- Sf- \$5 4*6- tfr- Z 


Case Number: 288A-SF-145486 

Owning Office: SAN FRANCISCO 



Jit' 1 
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FD-1004 

Revised 

9-16-2009 


FEDERAL BUREAU OF INVESTIGATION 

EVIDENCE CHAIN-OF-CUSTODY 


Evidence Type: □ General □ Drug □ Firearm/Weapon 

& CART □ Valuable □ Firearm/Other 

Special Handling Instructions 


Initial Receipt 


Date and 
Time 

□ Batteries □ Biohazard □ FGJ 

□ HAZMAT □ Latents □ Refrigerate 

□ Req. Charging □ None 

□ Other 

Signa^ 
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Date and 
Time 

Accepted Custody 
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Date and 
Time 
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Signature: 
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Reason: 
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Date and 
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Signature: 
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Signature: 
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Date and 
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Signature: 


Signature: 


Printed Name: 

Printed Name: 

Reason: 

Reason: 

Relinquished Custody 

Date and 
Time 

Accepted Custody 

Date and 
Time 

Signature: 


Signature: 


Printed Name: 

Printed Name: 

Reason: 

Reason: 


Firearms Certification: 

Printed Name: Signature: 


Case ID: __ - Sf-I454!? 6B: 




Date: 


Barcode: 
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FEDERAL. BUREAU OF INVESTIGATION 


Precedence: ROUTINE 


To: Cyber Division 


Date: 10/08/2009 

ATT N: Computer Intrusion Un it #2 
SSA I I 


From: San Francisco 

Squad CY-2/S an Jose RA 

Contact: SA I I 

— b6 

Approved By: b7c 

7Z 

Drafted By: 

TOW , 

Case ID #: 288A-SF-NEW- (Pending)^l 

288A-SF-NEW-GJ (Pending ) ^ ( 

Title: ANTI-SEC; 

UNSUB (S), et al; 

IMAGESHACK - VICTIM; 

COMPUTER INTRUSION 

Synopsis: To Open’ Case and subfiles. 

Details: On October 8, 2009 , Special Agent (SA) met 

with employees of IMAGESHACK located at 236 North Santa Cruz 
Avenue, Los Gatos, California, 95030, to discuss two recent 
computer intrusions of IMAGESHACK servers. IMAGESHACK is a 
company which provides internet image hosting. 

IMAGESHACK advised SA that the first computer ^ 

intrusion occurred on July 10, 2009 at approximately 7 pm Pacific 
Standard Time (PST) . A group by the name of ANTI-SEC gained 
access to one of t he company database servers. The serve r the 
hacker (s) arrpssp.ri I I f or 

IMAGESHACK customers to include | I 


| |. In addition, the hacker (s) posted a message on rne 

internet which claims the ANTI-SEC is a movement dedicated to the 
eradication of full disclosure. Their message further explained 
they plan to achieve this "through the full and unrelenting, 
unmerciful elimination of all supporters of full-disclosure and 
the security industry in its present form." 


Dips 




iszrA-stF. 



>v 


To: San Franciscj^ From: San Francisco 

Re: 288A-SF-NEW, 10/08/2009 


IMAGESHACK advised this computer intrusion affected 
approximately 50 million images and every user that was on their 
site at the time viewing images. TMAGF, SHACK, is still not sure 

b6 

b7C 

b7E 


On August 2, 2009, IMAGESHACK believes the same 
hacker (s) came back and gained access to their servers again. 

IMAGESHAC K has full and complete logs. It is apparent the 

hacker (s) I I t>6 

“ | b7C 

T b7E 


IMAGESHACK believes in the first computer irii-rnsinn in 
Juiv 2009. the hacker (s) accessed one database which I I 



the Aug ust attack, IMAGESHACK believes the hacker (s) only were 


liiLe—LcL. [ 


$26,000. 


IMAGESHACK estimates their losses at approximately 


It is requested that the following subfiles be opened: 

Grand Jury SUB GJ 

It is requested that the new c ase and subfiles be 
opened and assigned to Sa| 


b6 

b7C 

b7E 


b6 

b7C 


♦♦ 


2 



U.S. Department of Justice 
Federal Bureau of Investigation 



In Reply, Please Refer to 

FileNo. 288A-SF-14 548 6-GJ 


450 Golden Gate Ave. 

San Francisco, CA 94102 
(415) 553-7400 

Nov.ember 10, 2009 


Honorable Joseph P, Russoniello 
United States Attorney 
Northern District of California 
450 Golden Gate Avenue 
San Francisco, California 94102 


Attention: | | 

Assistant United States Attorney 

ANT I -SEC; 

UNSUB (S), et al; 
IMAGESHACK - VICTIM; 
COMPUTER INTRUSION 


Dear Sir: 


Pursuant to the above captioned investigation, the 
Federal Bureau of Investigation (FBI) requests that the below 
listed individuals be placed on the Federal Grand Jury 6E list, 
in as much as they may require access to grand jury information 
during the course of the investigation: 


NAME AGENCY 

I FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 
FBI 


POSITION 

Special Agent 

Special Agent 

Special Agent 

Special Agent 

Special Agent 

Special Agent 

Special Agent 

Supervisory Special Agent 

Intelligence Analyst 

SST 

Evidence Control Technician 
Evidence Control Technician 


sf Gj- Q~ 



Should you have any questi ons regarding t his matter, 


please do not hesitate to contact SA 
Resident Agency, telephone number 


San Jose 


Sincerely, 


Stephanie Douglas 
Special Agent in Charge 


By: | I 

Supervisory Special Agent 
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FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 12/14/2009 


GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 


On December 14 , 2009 , Special Aaent (SA) | 

served a Grand Jury subpoena via facsimile to 1 



I The subooena 1 1 




The file copy of the Grand Jury Subpoena has been 



attached and is made a part of this document. 


b3 

b6 

b7C 



Investigation on 12/14/2009 

at Campbell, 

California 

(via facsimile) . 


File# 288A-SF-14548 6-GJ 


Date dictated' NA 


by SA 




[ 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents, are not to be distributed outside your agency. 


b6 

b7C 
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•A01 10 (Rev. 12/89) Subpoena to Testify BefJBWand Jury 


NORTHERN 


ntteti States Shstrict Court 

DISTRICT OF CALIFORNIA 



SUBPOENA TO TESTIFY 
BEFORE GRAND JURY 


.SIIRPOFNAFOR; 


b3 


YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States, District 
Court at the place, date and time specified below. 


PLACE 

COURTROOM 

United States District Court 
280 South First Street 

As directed by the court 

San Jose, CA 95113 

DATE AND TIME 


January 6, 2010 at 9:30 a.m. 


YOU ARE ALSO COMMANDED to bring with you the following document(s) or object(s):* 


Please see attachment. 

Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this 
subpoena and no appearance will be necessary. 


13 Please see additional information on reverse. 

This subpoena shall remain in effect until you are 
behalf of the court. 


iepart by the court or by an officer acting on 



U.S. MAGISTRATE JUDGE OR CLERK OF COURT / 
RICHARD W. WIEKING f 

( JBfe ) 

DfcTE 

j b6 

i December 1 1 , 2009 b7C 

(By) Deputy Clerk 7 

This subpoena is issued on 
application of the United States of 
America 

JOSEPH P. RUSSONIELLO 
United States Attorney 

NAT^^BRK&AWPHONE NUMBER? ASSISTANT U.S. ATTORNEY 
kssistant U^STAm/rnew 
1 50 Almaden Blvd., Suite 900 /S // t/ 

San Jose. CA 951 13l 1 

FBI Special Agent| 


If not applicable, enter "none". 



AO 110 (Rev. 1 2/89) Subpoena to Testify Befc 


rand Jury 




FD-448 (Rev. 6-2-97) 




FBI FACSIMILE 
COVER SHEET 


PRECEDENCE CLASSIFICATION 


ED Immediate 
|~~l Priority 
[X] Routine 


CD Top Secret 
CD Secret 
CD Confidential 
CD Sensitive 
El Unclassified 


Time Transmitted: 

Sender’s Initials: J 

Number of Pages: 4 

(including cover sheet) 


I I 

Name of Office 


Facsimile Number: 


Attn: | | 

Name Room Telephone 

From: FBI San Francisco - San Jose Office 

Name of Office 

Subject: Preservation Request 


Date: 12/14/2009 


b3 

b6 

b7C 


Special Handling Instructions: 


Originator's Name: Special Agent [ 

Originator's Facsimile Number: 

Approved: 

Brief Description of Communication Faxed: 


Telephone: 


WARNING 

Information attached to the cover sheet is U.S. Government Property. If you are not the intended recipient of this 
information, disclosure, reproduction, distribution, or use of this information is prohibited (18.USC, § 641). Please notify the 
originator or the local FBI Office immediately to arrange for proper disposition. 
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FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 12/14/2009 

GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 

On December 14, 2009, Special Agent ( SA) I 
served a Grand Jury subpoena via facsimile to \ f 


b3 

b6 

b7C 


The file copy of the 
attached and is made a part of 


Grand Jury Subpoena has been 
this document. 





Investigation on 12/14/2009 

at 

Campbell, California 


(via facsimile) 

File# 288A-SF-1454 8 6-GJ 

7+ 

Date dictated 

NA 

by SA 



b6 

b7C 




This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 



.A01 10 (Rev. 1 2/89) Subpoena to Testify Befoi^Rnd Jury 




NORTHERN 


mteb States District Court 

DISTRICT OF CALIFORNIA 


SUBPOENA TO TESTIFY 
BEFORE GRAND JURY 

SUBPOENA FOR: 


YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the- United States District 
Court at the place, date and time specified below. 


PLACE 

COURTROOM 

United States District Court 
280 South First Street 

As directed by the court 

San, Jose, CA95113 

DATE AND TIME 


January 6, 2010 at 9:30 a.m. 


YOU ARE ALSO COMMANDED to bring with you the following document(s) or object(s):* 


Please see attachment. 

Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this 
subpoena and no appearance will be necessary. 


0 Please see additional information on reverse. 

This subpoena shall remain in effect until you ar^ 
behalf of the court. 


U.S. MAGISTRATE JUDGE OR CLERK OF COURT 
RICHARD W. WIEKING 

' (By) 'Deputy Clerk 


This subpoena is. issued on 
application of the United States of 
America 

JOSEPH P. RUSSONIELLO 
United States Attorney 



a^Sfesdepart by the court or by an officer acting on 


December 11, 2009 


HONE NUMBER OF ASSISTANT U.S. ATTORNEY 


jAssistant U.S./At tame 


150 Almaden Blvd., Snifp 900 
San Jose, CA 951ial 
FBI Special Agent| 


b3 

b6 

b7C 


If not applicable, enter "none". 







A0110 (Rev. 12/89) Subpoena to Testify BefJBrrand Jury 






(2) "Fees and mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United States or an officer or agency 
thereof (Rule 45(c), Federal Rules of Civil Procedure; Rule 17(d), Federal Rules of Criminal Procedure) or on behalf of certain indigent parties and 
criminal defendants who are unable to pay such costs (28 USC 1 825, Rule 1 7(b) Federal Rules of Criminal Procedure)". 



Fb-448\Rev. 6-2-97) 
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FBI FACSIMILE 
COVER SHEET 


PRECEDENCE CLASSIFICATION 


[H Immediate 
□ Priority 
[X) Routine 


□ Top Secret 

□ Secret 

□ Confidential 

□ Sensitive 
m Unclassified 


Time Transmitted: 

Sender's Initials: I I 

Number of Pages : 3 

(including cover sheet) 


To: 


Date: 12/14/2009 

Name of Of: 

? ice 


Facsimile Number: 


Attn: | | 

Name Room Telephone 

b3 

b6 

From: FBI San Francisco - San Jose Office b7c 

Name of Office 


Subject: 


Special Handling Instructions: 



Approved: 

Brief Description of Communication Faxed: 


WARNING 

Information attached to the cover sheet is U.S. Government Property. If you are not the intended recipient of this 
information, disclosure, reproduction, distribution, or use of this information is prohibited (18.USC, § 641). Please notify the 
originator or the local FBI Office immediately to arrange for proper disposition. 




302 (Rev. 10-6-95) 


*> 


- 1 - 

FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 12/29/2009 


GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 


On December 23, 2009, Special Agent (SA) 
received a response to a Federal Grand Jury Subpoena via facsimile 


from f 


Tha response included the following 


b3 

b6 

b7C 



The above referenced response provided by l_ 
has been attached and is made a part of this document. 


Investigation on 


12/23/2009 at Campbell, California 


(via facsimile) 


File ft 288A-SF-14548 6 x £0y£5' 
by SA 


Date dictated NA 


b6 

b7C 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 




5 12/23/2009 12:28 PM 

12/14/2009 16:13 

FD-448 (Rev. 6-2-97) 


18002234893 

40855811 


-» 14085581096 
FBI CYBER 


05 

PAGE 01/04 



FBI FACSIMILE 
COVER SHEET 


PRECEDENCE CLASSIFICATION 


□ Immediate 
D Priority 
GD Routine 


CD Top Secret 

□ Secret 

□ Confidential 

□ Sensitive 
03 Unclassified 


Time Transmitted; 

Sender's Initials: [___ 

Number of Pages: 3 

(including cover sheet) 


To: I 

Facsimile Number: 
Attn: 


Name of Office 


Name 


Room 


Telephone 


Fr °m; _FBI San Francisco - San Jose Office 



Name of Office 

Subject: 








Special Handling Instructions; 


Date; 12/14/2009 


b3 

b6 

b7C 


Originator's Name: Special Agent 
Originator’s Facsimile Number: 

Approved: 


Telephone: 


Brief Description of Communication Faxed: 


WARNING 


H UaC , hed 10 tbe C °r Sheel Is U ‘ s ' Govcrnmerlt Pro P er£ y- are not the intended recipient of this 

original or o!rFB?Office ,,0n ' or usc r ofthis informatic ® fe prohibited (18-USC, § 641). Please notify the 

g n or or tfte local FBI Office immediately to arrange for proper disnnsitinn .... . 



FD-302 (Rev. 10-6-95) 


FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 01/06/2010 

GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 


On January 6 , 2010 , Special Agentl 
a response via facsimile to the abovementior 
from I 


received 


The information, which was provided in paper format, 
included the following information: 




investigation on 01/06/2010 at Campbell, California 


Date dictated N /A 


File # 288A-SF-1454 8 6-GJ ✓ 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 






FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 03/05/2010 


GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 



investigation on 03/05/2010 at Campbell r California (via facsimile) 

File # 28 8A-SF-14 54 86-GJ Date dictated NA 

by SA 


b6 

b7C 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 


dh 



.A01 1 0 (Rev. 1 2/89) Subpoena to Testify Before Grand Jury 


GJ 09-1 2009R02026 


Untteb States © (strict Court 

NORTHERN DISTRICT OF CALIFORNIA 



YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District 
Court at the place, date and time specified below. 


PLACE 

COURTROOM 

United States District Court 

As directed by the court 

280 South First Street 


San Jose, CA 95113 

DATE AND TIME 


March 17, 2010 at 9:30 am 


YOU ARE ALSO COMMANDED to bring with you the following document(s) or object(s):* 

-See Attachment- 


Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this 
subpoena and no appearance will be necessary. 


0 Please see additional information on reverse. 

This subpoena shall remain in effect until you 
behalf of the court. 

U.S. MAGISTRATE JUDGE OR CLERK OF COURT , 
RICHARD W. WIEKING 

(By) Deputy Clerk 


This subpoena is issued on 
application of the United States of 
America 

JOSEPH P. RUSSONIELLO 
United States Attorney 



■5B£5t£^IIID§^: 


epart by the court or by an officer acting on 


March 3, 2010 


HONE NUMBER OF ASSISTANT U^ATTORNEY 


□ Assistant 


j 150 Almaden Blvd., Suite 900 
San Jose, CA 951 13 f 



Special Agenl 


If not applicable, enter "none”. 



A01 1 0 (Rev. 1 2/89) Subpoena to Testify Before Grand Jury 



riutcuuic. 

(2) "Fees and mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United States or an officer or agency 
thereof (Rule 45(c), Federal Rules of Civil Procedure; Rule 1 7(d), Federal Rules of Criminal Procedure) or on behalf of certain indigent parties and 
criminal defendants who are unable to pay such costs (28 USC 1825, Rule 17(b) Federal Rules of Criminal Procedure)". 



FD-302 (Rev. 10-6-95) 


FEDERAL BUREAU OF INVESTIGATION 


Dale of transcription 03 /31/2010 

GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 

On March 29, 2010, Special Agent received 

via U.S. Postal service a response to a Grand Jury subpoena from 





investigation on 03/29/2010 at Campbell, California 


File# 288A-SF-145486-GJ 


Date dictated NA 



This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 
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FEDERAL BUREAU OF INVESTIGATION 


Date of transcription 11/22 72010 


GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) 

b3 
b6 
b7C 


A copy of the abovementioned Grand Jury Subpoena has been 
attached and is made a part of this document. 


On November 22, 2010, Special Agent 
served a Grand Jury subpoena via facsimile to 



investigation on 11/22/2010 at Campbell, California (via facsimile) 

File # 2 8 8A— SF — 1454 8 6 — GJ Date dictated NA 

by SA 


b6 

hlC 


This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; 
it and its contents are not to be distributed outside your agency. 



? 1 


1 




.AO 1 1 0 (Rev. 1 2/89) Subpoena to Testify Before Grand Jury . UJ 09* I 2009R02026 


Untteli States ©(strict Court 

NORTHERN DISTRICT OF CALIFORNIA 


SUBPOENA TO TESTIFY 
BEFORE GRAND JURY 

SUBPOENA FOR: 


YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District 
Court at the place, date and time specified below. 

b3 
b6 

COURTROOM b7C 

As directed by the court 

DATE AND TIME 
December 8, 2010 at 9:30 am 

YOU ARE ALSO COMMANDED to bring with you the following document(s) or object(s):* 

-See Attachment- 


PLACE 

United States District Court 
280 South First Street 
San Jose, CA 95113 


Compliance with this subpoena will be deemed satisfactory when you provide ali the materials to the agent serving this 
subpoena. No appearance will be necessary. 


0 Please see additional information 


on reverse. 


This subpoena shall remain in effect until you an 
behalf of the court. 


U.S: MAGISTRATE JUDGE OR CLERK OF COURT 
RICHARD W. WIEKING 

"(By) Deputy Clerk 


This subpoena is issued on 
application of the United States of 
America 

MELINDA HAAG, 

United States Attorney 



epart by the court or by an officer acting on 


November 22, 2010 


JdONE NUMBER OF ASSISTANT U.S. ATTORNEY 
jAssis 


150 Almaden Blvd. ( Suite 91 
San Jose, CA 95113 (408) 
Special Agent Melanie Adam 


ssistaptlM. Attorney. 

(408) 369-8900 



If not applicable, enter “none". 




A01 10 (Rev. 12/89) Subpoena to Testify Before Grand Jury 



"Fees and mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United States or an officer or agency 
thereof (Rule 45(c), Federal Rules .of Civil Procedure; Rule 17(d), Federal Rules of Criminal Procedure) or on behalf of certain Indigent parties and 
criminal defendants who are unable to pay such costs (28 USC 1825, Rule 17(b) Federal Rules of Criminal Procedure)". 
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